CVE-2019-10384

Published: 2019-08-28T16:15Z

Last Modified: 2024-11-21T04:19Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt