Description
CSRF tokens in Jenkins 2.185 and earlier, and in LTS 2.176.1 and earlier, did not expire, so an attacker able to obtain a token could use it to bypass CSRF protection.
Remediation
References