Lucene search
Redhat.comRH:CVE-2019-10353HistoryJul 17, 2019 - 7:52 p.m.
CVE-2019-10353
2019-07-1719:52:05
redhat.com
access.redhat.com
5
0.002 Low
EPSS
Percentile
55.9%
A flaw was found in Jenkins in weekly versions prior to 2.186 and LTS versions prior to 2.176.2. By default, CSRF tokens in Jenkins only checked user authentication and IP address which allowed attackers able to obtain a CSRF token for another user. This allowed an attacker to implement CSRF attacks as long as the victimβs IP address remained unchanged. The highest threat from this vulnerability is to data confidentiality and integrity.
Related
cvelist
cvelist
CVE-2019-10353
2019-07-17 15:45:13
nvd
nvd
CVE-2019-10353
2019-07-17 16:15:12
osv
osv
Cross-Site Request Forgery in Jenkins
2022-05-24 16:50:30
CVE-2019-10353
2019-07-17 16:15:12
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-08-16 00:17:48
github
github
Cross-Site Request Forgery in Jenkins
2022-05-24 16:50:30
cve
cve
CVE-2019-10353
2019-07-17 16:15:12
prion
prion
Cross site request forgery (csrf)
2019-07-17 16:15:00
openvas
openvas
Jenkins < 2.186 and < 2.176.2 LTS Multiple Vulnerabilities - Linux
2019-07-31 00:00:00
Jenkins < 2.186 and < 2.176.2 LTS Multiple Vulnerabilities - Windows
2019-07-31 00:00:00
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:2503)
2019-08-20 00:00:00
RHEL 7 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)
2019-08-30 00:00:00
Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities
2019-07-26 00:00:00
redhat
redhat
freebsd
freebsd
jenkins -- multiple vulnerabilities
2019-07-17 00:00:00