Description
Jenkins has a CSRF vulnerability on the login form
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.
Packages
Name
org.jenkins-ci.main:jenkins-core
maven
Affected versions: >= 2.529, < 2.541
Fixed version: 2.541
Name
org.jenkins-ci.main:jenkins-core
maven
Affected versions: < 2.528.3
Fixed version: 2.528.3
Related vulnerabilities
CVSS3: 3.5
nvd
about 1 month ago
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.