Description

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.

Remediation

References

CVE-2015-5318

Related Vulnerabilities

WordPress Plugin WP Code Highlight.js Cross-Site Request Forgery (0.6.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-4408)

WordPress Plugin Blunt GA Cross-Site Scripting (4.0.0)

WordPress Plugin Email Subscribers & Newsletters Multiple Vulnerabilities (2.9)

WordPress Plugin RSVPMaker SQL Injection (5.6.3)

Severity

Medium

Classification

CVE-2015-5318 CWE-352

Tags

Missing Update Known Vulnerabilities