Lucene search
K

4 matches found

OSV
OSV
added 2022/05/13 1:30 a.m.2 views

GHSA-3WMV-7PHP-RHG5 Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

2.1CVSS5.9AI score0.0116EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/03/22 4:49 p.m.3 views

jenkins: Public value used for CSRF protection salt (SECURITY-169)

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

6.8CVSS7.4AI score0.0116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/01/26 7:12 p.m.3 views

jenkins: Public value used for CSRF protection salt (SECURITY-169)

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

6.8CVSS7.4AI score0.0116EPSS
Exploits0References5
CNVD
CNVD
added 2015/11/26 12:0 a.m.4 views

CloudBees Jenkins CSRF Mechanism Bypass Vulnerability

CloudBees Jenkins is the open source continuous integration server. CloudBees Jenkins 1.638, LTS 1.625.2 before the version , the use of public salt to generate CSRF protection tokens , remote attackers through brute-force attacks can bypass the CSRF protection mechanism...

6.8CVSS7AI score0.0116EPSS
Exploits0References1
Rows per page
Query Builder