2019-03-29 13:00:44 +00:00
{
"CVE_data_meta" : {
"ID" : "CVE-2019-10384" ,
2019-08-28 16:00:54 +00:00
"ASSIGNER" : "jenkinsci-cert@googlegroups.com" ,
"STATE" : "PUBLIC"
2019-08-28 17:26:45 +02:00
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Jenkins project" ,
"product" : {
"product_data" : [
{
"product_name" : "Jenkins" ,
"version" : {
"version_data" : [
{
"version_value" : "2.191 and earlier, LTS 2.176.2 and earlier"
}
]
}
}
]
}
}
]
}
2019-03-29 13:00:44 +00:00
} ,
2019-08-28 17:26:45 +02:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
2019-03-29 13:00:44 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-08-28 17:26:45 +02:00
"value" : "Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-352"
}
]
}
]
} ,
"references" : {
"reference_data" : [
2019-08-28 18:00:52 +00:00
{
"refsource" : "MLIST" ,
"name" : "[oss-security] 20190828 Multiple vulnerabilities in Jenkins and Jenkins plugins" ,
"url" : "http://www.openwall.com/lists/oss-security/2019/08/28/4"
2019-09-19 15:01:17 +00:00
} ,
{
"url" : "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491" ,
"refsource" : "CONFIRM" ,
"name" : "https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491"
2019-09-20 13:00:59 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:2789" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:2789"
2019-10-18 04:00:58 +00:00
} ,
{
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:3144" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:3144"
2019-03-29 13:00:44 +00:00
}
]
}
}
