CVE-2019-10384

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Configurations

Configuration 1 (OR)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*

Configuration 3 (OR)

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

History

21 Nov 2024, 04:19

Type | Values Removed | Values Added
References | http://www.openwall.com/lists/oss-security/2019/08/28/4 (Mailing List, Third Party Advisory) | http://www.openwall.com/lists/oss-security/2019/08/28/4 (Mailing List, Third Party Advisory)
References | https://access.redhat.com/errata/RHSA-2019:2789 (Third Party Advisory) | https://access.redhat.com/errata/RHSA-2019:2789 (Third Party Advisory)
References | https://access.redhat.com/errata/RHSA-2019:3144 (Third Party Advisory) | https://access.redhat.com/errata/RHSA-2019:3144 (Third Party Advisory)
References | https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491 (Vendor Advisory) | https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491 (Vendor Advisory)
References | https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory) | https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory)

Information

Published : 2019-08-28 16:15

Updated : 2024-11-21 04:19


NVD link : CVE-2019-10384

Mitre link : CVE-2019-10384

CVE.ORG link : CVE-2019-10384


Products Affected

oracle

  • communications_cloud_native_core_automated_test_suite

redhat

  • openshift_container_platform

jenkins

  • jenkins

CWE

CWE-352: Cross-Site Request Forgery (CSRF)