Description
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/30/5
http://www.securityfocus.com/bid/108159
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443
Related Vulnerabilities
CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble
CVE-2022-42920 Vulnerability in maven package org.apache.bcel:bcel
CVE-2020-9484 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-8131 Vulnerability in maven package org.webjars.npm:yarn
CVE-2019-16769 Vulnerability in npm package serialize-javascript