3 matches found
BIT-JENKINS-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
GHSA-HCXF-RQ72-H4RR Cross-Site Request Forgery in Jenkins
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection...
GHSA-RGMJ-MCCJ-H9MX Cross-Site Request Forgery in Jenkins
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...