Jenkins 2.191 and previous versions, LTS 2.176.2 and previous versions allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins jenkins |
||
oracle communications cloud native core automated test suite 1.9.0 |
||
redhat openshift container platform 3.11 |
||
redhat openshift container platform 4.1 |