CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Synopsis
Important: OpenShift Container Platform 41 jenkins security update
Type/Severity
Security Advisory: Important
Topic
An update for jenkins is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis
Important: OpenShift Container Platform 311 jenkins security update
Type/Severity
Security Advisory: Important
Topic
An update for jenkins is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Important A Commo ...
By default, CSRF tokens in Jenkins before 2186 only checked user authentication and IP address This allowed attackers able to obtain a CSRF token for another user to implement CSRF attacks as long as the victim’s IP address remained unchanged ...
Vulmon