Description
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.