Description
Cross-Site Request Forgery in Jenkins
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10353
- https://github.com/jenkinsci/jenkins/commit/772152315aa0a9ba27b812a4ba0f3f9b64af78d9
- https://access.redhat.com/errata/RHSA-2019:2503
- https://access.redhat.com/errata/RHSA-2019:2548
- https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626
- http://www.openwall.com/lists/oss-security/2019/07/17/2
Packages
- org.jenkins-ci.main:jenkins-core: affected <= 2.176.1; fixed in 2.176.2
- org.jenkins-ci.main:jenkins-core: affected >= 2.177, <= 2.185; fixed in 2.186
Related vulnerabilities
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...
A vulnerability in the Jenkins automation server, related to the absence of a web session identifier, that allows an attacker to perform cross-site request forgery and gain unauthorized access to protected information