CVE-2019-10315

Severity
8.8 HIGH
EPSS
0.1%
top 71.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 30
Latest update: May 24

Description

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details (3)

OSV: Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability (2022-05-24)
GHSA: Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability (2022-05-24)
CVEList: CVE-2019-10315: Jenkins GitHub Authentication Plugin 0 (2019-04-30)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2019-04-30 (2019-04-30)