Description
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
Additional information
Status:
Moderate
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1291797 jenkins: CSRF protection ineffective (SECURITY-233)
EPSS
Percentile: 46%
0.00234
Low
4.3 Medium
CVSS2
Related vulnerabilities
CVSS3: 8.8
ubuntu
about 10 years ago
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
CVSS3: 8.8
nvd
about 10 years ago
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
CVSS3: 8.8
debian
about 10 years ago
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to ...
CVSS3: 8.8
github
more than 3 years ago
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack