CSRF Token Expiration Bypass in Jenkins 2.185 and Earlier

CVE-2019-10353 · MEDIUM Severity

AV:N/AC:H/Au:N/C:P/I:P/A:P

CSRF tokens in Jenkins 2.185 and earlier, and in LTS 2.176.1 and earlier, did not expire, which allowed attackers able to obtain them to bypass CSRF protection.
