Jenkins Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-5318
Reference:
CVE-2015-5318
Title:
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability
Overview:
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.