Lucene search

K
cvelistRedhatCVELIST:CVE-2016-0791
HistoryApr 07, 2016 - 11:00 p.m.

CVE-2016-0791

2016-04-0723:00:00
redhat
www.cve.org

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%