CVE-2019-10315

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10315

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10315.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10315

Aliases

GHSA-phwv-crgp-9r69

Published

2019-04-30T13:29:05.813Z

Modified

2026-03-14T22:29:29.343872Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.

References

Affected packages

Git / github.com/jenkinsci/github-oauth-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/github-oauth-plugin

Events

Introduced

Last affected

33b46703ddbbacbe4c3c607cdb59df2c801e92c8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.31"
        }
    ]
}

Affected versions

github-oauth-0.*

github-oauth-0.12

github-oauth-0.13

github-oauth-0.13.1

github-oauth-0.14

github-oauth-0.15

github-oauth-0.16

github-oauth-0.17

github-oauth-0.18

github-oauth-0.19

github-oauth-0.20

github-oauth-0.21

github-oauth-0.21.1

github-oauth-0.21.2

github-oauth-0.22

github-oauth-0.22.1

github-oauth-0.22.2

github-oauth-0.22.3

github-oauth-0.23

github-oauth-0.24

github-oauth-0.25

github-oauth-0.26

github-oauth-0.27

github-oauth-0.28

github-oauth-0.28.1

github-oauth-0.29

github-oauth-0.30

github-oauth-0.31

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10315.json"