CVE-2019-10384

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10384
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10384.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10384
Aliases
Downstream
Published
2019-08-28T16:15:10.983Z
Modified
2025-11-29T08:33:11.160664Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/jenkins
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Git / github.com/torvalds/linux

Affected ranges

Type
GIT
Repo
https://github.com/torvalds/linux
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected