vulnerability

Red Hat OpenShift: CVE-2019-10384: jenkins: CSRF protection tokens for anonymous users did not expire in some circumstances (SECURITY-1491)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Aug 28, 2019	Oct 8, 2019	Apr 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Aug 28, 2019

Added

Oct 8, 2019

Modified

Apr 11, 2025

Description

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

Solution

linuxrpm-upgrade-jenkins

References

CVE-2019-10384
https://attackerkb.com/topics/CVE-2019-10384
REDHAT-RHSA-2019:2789
REDHAT-RHSA-2019:3144

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today