2 matches found
The vulnerability of the Jenkins automation server, related to the absence of a web session identifier, allows attackers to perform cross-site forgery attacks and gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server relates to the absence of a web session identifier. Exploiting this vulnerability allows a malicious actor to perform cross-site fraudulently and gain unauthorized access to protected information...
Tomcat/JBoss Web - Bypass of CSRF prevention filter
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism via a request that lacks a session identifier...