7 matches found

OSV
added 2022/05/13 1:30 a.m. | 1 view

GHSA-3VHR-F5XR-8VPX Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...

CVSS 8.8 | AI score 7.3 | EPSS 0.02395
Exploits 0 | References 6
OSV
added 2022/05/13 1:30 a.m. | 0 views

GHSA-W7QM-FPRW-CQGQ Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors...

CVSS 8.8 | AI score 7.2 | EPSS 0.02222
Exploits 0 | References 7
OSV
added 2022/05/13 1:30 a.m. | 0 views

GHSA-4653-RMCH-3G2G Jenkins has Information Disclosure via Sidepanel Widget

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVSS 6.9 | AI score 7.2 | EPSS 0.02064
Exploits 0 | References 7
RedHat Linux
added 2016/03/22 4:49 p.m. | 3 views

jenkins: CSRF protection ineffective (SECURITY-233)

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors...

CVSS 8.8 | AI score 7.4 | EPSS 0.02222
Exploits 0 | References 5
RedHat Linux
added 2016/01/26 7:12 p.m. | 2 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

CVSS 6.5 | AI score 7.4 | EPSS 0.01491
Exploits 0 | References 5
RedHat Linux
added 2016/01/26 7:12 p.m. | 5 views

jenkins: Queue API did show items not visible to the current user (SECURITY-186)

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

CVSS 5 | AI score 7.4 | EPSS 0.02064
Exploits 0 | References 5
RedHat Linux
added 2016/01/26 7:12 p.m. | 3 views

jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...

CVSS 8.8 | AI score 7.5 | EPSS 0.02395
Exploits 0 | References 5