jenkins: CSRF protection tokens did not expire (SECURITY-626)
A flaw was found in Jenkins in weekly versions prior to 2.186 and LTS versions prior to 2.176.2. By default, CSRF tokens in Jenkins only checked user authentication and IP address which allowed attackers able to obtain a CSRF token for another user. This allowed an attacker to implement CSRF...