CVE-2019-10384

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-28 16:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-10384

Mitre link : CVE-2019-10384

CVE.ORG link : CVE-2019-10384


JSON object : View

Products Affected

oracle

  • communications_cloud_native_core_automated_test_suite

jenkins

  • jenkins

redhat

  • openshift_container_platform
CWE
CWE-352

Cross-Site Request Forgery (CSRF)