CVE-2019-10384

2019-08-30T05:28:32
ID RH:CVE-2019-10384
Type redhatcve
Reporter redhat.com
Modified 2021-03-18T08:50:21

Description

A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. The highest threat from this vulnerability is to data confidentiality and integrity.