CVE-2019-10353: Cross-Site Request Forgery in Jenkins

Severity
7.5 HIGH (NVD)
EPSS
0.2% (top 61.88%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (Exploitability: 1.6 | Impact: 5.9)

Affected Packages (2 packages)

NVD: jenkins/jenkins 2.176.1 (+1)
CVEListV5: jenkins_project/jenkins 2.185 and earlier, LTS 2.176.1 and earlier

🔴 Vulnerability Details (3)

OSV: Cross-Site Request Forgery in Jenkins (2022-05-24)
GHSA: Cross-Site Request Forgery in Jenkins (2022-05-24)
CVEList: CVE-2019-10353: CSRF tokens in Jenkins 2 (2019-07-17)

📋 Vendor Advisories (2)

Jenkins: Jenkins Security Advisory 2019-07-17 (2019-07-17)
Red Hat: jenkins: CSRF protection tokens did not expire (SECURITY-626) (2019-07-17)

💬 Community (2)

Bugzilla: CVE-2019-10353 jenkins: CSRF protection tokens did not expire (SECURITY-626) [fedora-all] (2019-07-17)
Bugzilla: CVE-2019-10353 jenkins: CSRF protection tokens did not expire (SECURITY-626) (2019-07-17)