Jenkins Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2019-10384 - Vulnerability Database

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2019-10384

High

Reference: CVE-2019-10384

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-10384

Title: Jenkins Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

Jenkins 2.191 and earlier LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.