8 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10353 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10353 Source advisory: OSV:GHSA-HCXF-RQ72-H4RR...
RHEL 7 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:2503)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2503 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.186 or is a version of Jenkins LTS prior to 2.176.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file write vulnerability exists due to an incomplete fix for SECURITY-1074, the improper validation of...
FreeBSD : jenkins -- multiple vulnerabilities (df3db21d-1a4d-4c78-acf7-4639e5a795e0)
Jenkins Security Advisory : DescriptionMedium SECURITY-1424 / CVE-2019-10352 Arbitrary file write vulnerability using file parameter definitions High SECURITY-626 / CVE-2019-10353 CSRF protection tokens did not expire Medium SECURITY-534 / CVE-2019-10354 Unauthorized view fragment access C Tenabl...
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection...
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection...
CVE-2019-10353
CVE-2019-10353 affects Jenkins up to version 2.185 and earlier, and Jenkins LTS up to 2.176.1 and earlier. The root cause is CSRF tokens that did not expire, enabling attackers who obtain tokens to bypass CSRF protection. The related in-document entries (e.g., JENKINS_2_186 and GHSA-HCXF-RQ72-H4R...
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection...