cvelist/2019/10xxx/CVE-2019-10384.json

{
    "CVE_data_meta": {
        "ID": "CVE-2019-10384",
        "ASSIGNER": "jenkinsci-cert@googlegroups.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Jenkins project",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Jenkins",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "2.191 and earlier, LTS 2.176.2 and earlier"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-352"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MLIST",
                "name": "[oss-security] 20190828 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "url": "http://www.openwall.com/lists/oss-security/2019/08/28/4"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:2789",
                "url": "https://access.redhat.com/errata/RHSA-2019:2789"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:3144",
                "url": "https://access.redhat.com/errata/RHSA-2019:3144"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
                "url": "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491",
                "refsource": "CONFIRM",
                "name": "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491"
            }
        ]
    }
}
"-Synchronized-Data." 2019-03-29 13:00:44 +00:00			`{`
			`"CVE_data_meta": {`
			`"ID": "CVE-2019-10384",`
"-Synchronized-Data." 2019-08-28 16:00:54 +00:00			`"ASSIGNER": "jenkinsci-cert@googlegroups.com",`
			`"STATE": "PUBLIC"`
Add CVEs for 2019-08-28 Jenkins security advisory 2019-08-28 17:26:45 +02:00			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Jenkins project",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Jenkins",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "2.191 and earlier, LTS 2.176.2 and earlier"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2019-03-29 13:00:44 +00:00			`},`
Add CVEs for 2019-08-28 Jenkins security advisory 2019-08-28 17:26:45 +02:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2019-03-29 13:00:44 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Add CVEs for 2019-08-28 Jenkins security advisory 2019-08-28 17:26:45 +02:00			`"value": "Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-352"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
"-Synchronized-Data." 2019-08-28 18:00:52 +00:00			`{`
			`"refsource": "MLIST",`
			`"name": "[oss-security] 20190828 Multiple vulnerabilities in Jenkins and Jenkins plugins",`
			`"url": "http://www.openwall.com/lists/oss-security/2019/08/28/4"`
"-Synchronized-Data." 2019-09-19 15:01:17 +00:00			`},`
"-Synchronized-Data." 2019-09-20 13:00:59 +00:00			`{`
			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:2789",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:2789"`
"-Synchronized-Data." 2019-10-18 04:00:58 +00:00			`},`
			`{`
			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:3144",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:3144"`
Oracle Critical Patch Updates 3rd party CVEs part 1 Committer: Bill Situ <bill.situ@oracle.com> On branch cna/Oracle/CPU2022Apr3rdPart1 Changes to be committed: modified: 2012/5xxx/CVE-2012-5351.json modified: 2013/4xxx/CVE-2013-4002.json modified: 2014/0xxx/CVE-2014-0097.json modified: 2016/10xxx/CVE-2016-10228.json modified: 2017/1000xxx/CVE-2017-1000353.json modified: 2017/14xxx/CVE-2017-14159.json modified: 2017/17xxx/CVE-2017-17740.json modified: 2017/9xxx/CVE-2017-9287.json modified: 2018/1000xxx/CVE-2018-1000067.json modified: 2018/1000xxx/CVE-2018-1000068.json modified: 2018/1000xxx/CVE-2018-1000192.json modified: 2018/1000xxx/CVE-2018-1000193.json modified: 2018/1000xxx/CVE-2018-1000194.json modified: 2018/1000xxx/CVE-2018-1000195.json modified: 2018/11xxx/CVE-2018-11212.json modified: 2018/1999xxx/CVE-2018-1999001.json modified: 2018/1999xxx/CVE-2018-1999002.json modified: 2018/1999xxx/CVE-2018-1999003.json modified: 2018/1999xxx/CVE-2018-1999004.json modified: 2018/1999xxx/CVE-2018-1999005.json modified: 2018/1999xxx/CVE-2018-1999007.json modified: 2018/1xxx/CVE-2018-1285.json modified: 2018/6xxx/CVE-2018-6356.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/1003xxx/CVE-2019-1003049.json modified: 2019/1003xxx/CVE-2019-1003050.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10247.json modified: 2019/10xxx/CVE-2019-10383.json modified: 2019/10xxx/CVE-2019-10384.json modified: 2019/12xxx/CVE-2019-12086.json modified: 2019/12xxx/CVE-2019-12399.json modified: 2019/12xxx/CVE-2019-12402.json modified: 2019/13xxx/CVE-2019-13038.json modified: 2019/13xxx/CVE-2019-13057.json modified: 2019/13xxx/CVE-2019-13565.json modified: 2019/14xxx/CVE-2019-14822.json modified: 2019/14xxx/CVE-2019-14862.json modified: 2019/16xxx/CVE-2019-16785.json modified: 2019/16xxx/CVE-2019-16786.json modified: 2019/16xxx/CVE-2019-16789.json modified: 2019/16xxx/CVE-2019-16792.json modified: 2019/17xxx/CVE-2019-17195.json modified: 2019/17xxx/CVE-2019-17571.json modified: 2019/18xxx/CVE-2019-18276.json modified: 2019/20xxx/CVE-2019-20388.json modified: 2019/20xxx/CVE-2019-20916.json modified: 2019/25xxx/CVE-2019-25013.json modified: 2019/3xxx/CVE-2019-3738.json modified: 2019/3xxx/CVE-2019-3739.json modified: 2019/3xxx/CVE-2019-3740.json modified: 2019/3xxx/CVE-2019-3799.json modified: 2019/9xxx/CVE-2019-9169.json modified: 2020/10xxx/CVE-2020-10531.json modified: 2020/10xxx/CVE-2020-10543.json modified: 2020/10xxx/CVE-2020-10693.json modified: 2020/10xxx/CVE-2020-10878.json modified: 2020/11xxx/CVE-2020-11022.json modified: 2020/11xxx/CVE-2020-11023.json modified: 2020/11xxx/CVE-2020-11080.json modified: 2020/11xxx/CVE-2020-11612.json modified: 2020/11xxx/CVE-2020-11971.json modified: 2020/11xxx/CVE-2020-11979.json modified: 2020/12xxx/CVE-2020-12243.json modified: 2020/12xxx/CVE-2020-12723.json modified: 2020/13xxx/CVE-2020-13434.json modified: 2020/13xxx/CVE-2020-13543.json modified: 2020/13xxx/CVE-2020-13935.json modified: 2020/13xxx/CVE-2020-13936.json modified: 2020/13xxx/CVE-2020-13954.json modified: 2020/13xxx/CVE-2020-13956.json modified: 2020/14xxx/CVE-2020-14155.json modified: 2020/14xxx/CVE-2020-14340.json modified: 2020/14xxx/CVE-2020-14343.json modified: 2020/15xxx/CVE-2020-15250.json modified: 2020/15xxx/CVE-2020-15358.json modified: 2020/15xxx/CVE-2020-15719.json modified: 2020/16xxx/CVE-2020-16135.json modified: 2020/17xxx/CVE-2020-17521.json modified: 2020/17xxx/CVE-2020-17527.json modified: 2020/17xxx/CVE-2020-17530.json modified: 2020/1xxx/CVE-2020-1968.json modified: 2020/1xxx/CVE-2020-1971.json modified: 2020/24xxx/CVE-2020-24616.json modified: 2020/24xxx/CVE-2020-24750.json modified: 2020/24xxx/CVE-2020-24977.json modified: 2020/25xxx/CVE-2020-25638.json modified: 2020/25xxx/CVE-2020-25648.json modified: 2020/25xxx/CVE-2020-25649.json modified: 2020/25xxx/CVE-2020-25659.json modified: 2020/26xxx/CVE-2020-26217.json modified: 2020/27xxx/CVE-2020-27218.json modified: 2020/27xxx/CVE-2020-27618.json modified: 2020/28xxx/CVE-2020-28052.json modified: 2020/28xxx/CVE-2020-28196.json modified: 2020/28xxx/CVE-2020-28895.json modified: 2020/29xxx/CVE-2020-29363.json modified: 2020/29xxx/CVE-2020-29582.json modified: 2020/35xxx/CVE-2020-35198.json modified: 2020/35xxx/CVE-2020-35490.json modified: 2020/35xxx/CVE-2020-35491.json modified: 2020/35xxx/CVE-2020-35728.json modified: 2020/36xxx/CVE-2020-36179.json modified: 2020/36xxx/CVE-2020-36180.json modified: 2020/36xxx/CVE-2020-36181.json modified: 2020/36xxx/CVE-2020-36182.json modified: 2020/36xxx/CVE-2020-36183.json modified: 2020/36xxx/CVE-2020-36184.json modified: 2020/36xxx/CVE-2020-36185.json modified: 2020/36xxx/CVE-2020-36186.json modified: 2020/36xxx/CVE-2020-36187.json modified: 2020/36xxx/CVE-2020-36188.json modified: 2020/36xxx/CVE-2020-36189.json modified: 2020/36xxx/CVE-2020-36242.json modified: 2020/36xxx/CVE-2020-36518.json modified: 2020/5xxx/CVE-2020-5245.json modified: 2020/5xxx/CVE-2020-5413.json modified: 2020/5xxx/CVE-2020-5421.json modified: 2020/6xxx/CVE-2020-6950.json modified: 2020/7xxx/CVE-2020-7226.json modified: 2020/7xxx/CVE-2020-7595.json modified: 2020/7xxx/CVE-2020-7760.json modified: 2020/8xxx/CVE-2020-8172.json modified: 2020/8xxx/CVE-2020-8174.json modified: 2020/8xxx/CVE-2020-8203.json modified: 2020/8xxx/CVE-2020-8231.json modified: 2020/8xxx/CVE-2020-8277.json modified: 2020/8xxx/CVE-2020-8284.json modified: 2020/8xxx/CVE-2020-8285.json modified: 2020/8xxx/CVE-2020-8286.json modified: 2020/8xxx/CVE-2020-8554.json modified: 2020/8xxx/CVE-2020-8908.json modified: 2020/9xxx/CVE-2020-9488.json modified: 2021/20xxx/CVE-2021-20289.json modified: 2021/21xxx/CVE-2021-21275.json modified: 2021/21xxx/CVE-2021-21290.json modified: 2021/21xxx/CVE-2021-21295.json modified: 2021/21xxx/CVE-2021-21409.json modified: 2021/21xxx/CVE-2021-21703.json modified: 2021/22xxx/CVE-2021-22060.json modified: 2021/22xxx/CVE-2021-22096.json modified: 2021/22xxx/CVE-2021-22118.json modified: 2021/22xxx/CVE-2021-22132.json modified: 2021/22xxx/CVE-2021-22134.json modified: 2021/22xxx/CVE-2021-22144.json modified: 2021/22xxx/CVE-2021-22145.json modified: 2021/22xxx/CVE-2021-22569.json modified: 2021/22xxx/CVE-2021-22570.json modified: 2021/22xxx/CVE-2021-22696.json 2022-04-19 16:10:05 -07:00			`},`
			`{`
"-Synchronized-Data." 2022-04-20 00:01:41 +00:00			`"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"`
			`},`
			`{`
			`"url": "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491",`
			`"refsource": "CONFIRM",`
			`"name": "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491"`
"-Synchronized-Data." 2019-03-29 13:00:44 +00:00			`}`
			`]`
			`}`
			`}`