Description

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/28/4

https://access.redhat.com/errata/RHSA-2019:2789

https://access.redhat.com/errata/RHSA-2019:3144

https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger

CVE-2019-10319 Vulnerability in maven package org.jenkins-ci.plugins:pam-auth

CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.13

CVE-2020-11112 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-45868 Vulnerability in maven package com.h2database:h2

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory Patch