Home

CVE-2019-10353

Description

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.169

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.185Windows
Vulnerabilities CVE-2019-10354,CVE-2019-10352,CVE-2019-10353 are fixed in Jenkins-Core 2.176.2Windows
Vulnerabilities CVE-2019-10354,CVE-2019-10352,CVE-2019-10353 are fixed in Jenkins-Core 2.186Windows
Multiple vulnerabilities affected in Jenkins 2.185 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.185 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.185 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.185 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.185 (For Suse)Linux
Vulnerabilities CVE-2019-10354,CVE-2019-10352,CVE-2019-10353 are fixed in Jenkins-Core for Linux 2.176.2Linux
Vulnerabilities CVE-2019-10354,CVE-2019-10352,CVE-2019-10353 are fixed in Jenkins-Core for Linux 2.186Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234