Description
CSRF tokens in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, did not expire, allowing attackers able to obtain them to bypass CSRF protection.
Remediation
References