Lucene search

K
prionPRIOn knowledge basePRION:CVE-2016-0791
HistoryApr 07, 2016 - 11:59 p.m.

Cross site request forgery (csrf)

2016-04-0723:59:00
PRIOn knowledge base
www.prio-n.com
5

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

CPENameOperatorVersion
jenkinsle1.649
jenkinseq1.642.1
openshifteq3.1

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%