4 matches found
GHSA-3WMV-7PHP-RHG5 Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...
jenkins: Public value used for CSRF protection salt (SECURITY-169)
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...
jenkins: Public value used for CSRF protection salt (SECURITY-169)
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...
CloudBees Jenkins CSRF Mechanism Bypass Vulnerability
CloudBees Jenkins is the open source continuous integration server. CloudBees Jenkins 1.638, LTS 1.625.2 before the version , the use of public salt to generate CSRF protection tokens , remote attackers through brute-force attacks can bypass the CSRF protection mechanism...