https://bugzilla.redhat.com/show_bug.cgi?id=1730877
Bug ID: 1730877
Summary: CVE-2019-10353 jenkins: CSRF protection tokens did not expire (SECURITY-626)
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190717,reported=20190717,source=internet,cvss3=7.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L,cwe=CWE-352,openshift-enterprise-3.6/jenkins=new,openshift-enterprise-3.7/jenkins=new,openshift-enterprise-3.9/jenkins=new,openshift-enterprise-3.10/jenkins=new,openshift-enterprise-3.11/jenkins=new,openshift-enterprise-4.1/jenkins=new,fedora-all/jenkins=affected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: lpardo@redhat.com
CC: abenaiss@redhat.com, adam.kaplan@redhat.com, ahardin@redhat.com, aos-bugs@redhat.com, bleanhar@redhat.com, ccoleman@redhat.com, dedgar@redhat.com, eparis@redhat.com, java-sig-commits@lists.fedoraproject.org, jgoulding@redhat.com, jokerman@redhat.com, mchappel@redhat.com, mizdebsk@redhat.com, msrb@redhat.com, vbobade@redhat.com, wzheng@redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in Jenkins weekly releases before 2.186 and LTS releases before 2.176.2. By default, Jenkins CSRF tokens were validated only against the user's authentication and IP address and never expired. An attacker who obtained a CSRF token for another user could therefore use it to carry out CSRF attacks for as long as the victim's IP address remained unchanged.
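As an added, defender-oriented illustration of the weakness class described above (this is not Jenkins's own code, nor the actual fix shipped in 2.186 / 2.176.2): a toy CSRF token scheme bound only to the user and IP address with no expiry, shown beside a hardened scheme bound to a per-session secret and an issue timestamp with a maximum age. The server key, session secrets, user names and addresses are all constructed values.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-wide signing key (constructed; in practice loaded from
# configuration or a secret store).
SERVER_KEY = b"constructed-server-key-do-not-reuse"


def weak_token(user: str, ip: str) -> str:
    """Weak design: token is a MAC over (user, ip) only.

    It carries no session binding and no timestamp, so the same value is
    valid for the whole lifetime of SERVER_KEY. Once leaked, it keeps
    working as long as the user's IP address is unchanged.
    """
    msg = f"{user}|{ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def weak_check(token: str, user: str, ip: str) -> bool:
    """Validation has nothing to expire: only user and IP are compared."""
    return hmac.compare_digest(token, weak_token(user, ip))


def new_session_secret() -> bytes:
    """Hardened design: each login session gets its own random secret, so a
    token from one session can never validate in another."""
    return secrets.token_bytes(32)


def hardened_token(session_secret: bytes, user: str, issued_at: int) -> str:
    """Token = issue time + MAC(session_secret, user | issue time).

    Including the issue time under the MAC lets the verifier enforce a
    maximum age without a server-side table of outstanding tokens.
    """
    msg = f"{user}|{issued_at}".encode()
    mac = hmac.new(session_secret, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}:{mac}"


def hardened_check(token: str, session_secret: bytes, user: str,
                   now: int, max_age: int = 3600) -> bool:
    """Reject malformed, expired, future-dated or wrong-session tokens.

    Returns True only if the MAC verifies under this session's secret and
    the token is no older than max_age seconds.
    """
    try:
        issued_str, mac = token.split(":", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False  # malformed token
    if issued_at > now or now - issued_at > max_age:
        return False  # clock skew abuse or expired
    expected = hmac.new(session_secret, f"{user}|{issued_at}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def demo() -> dict:
    """Walk both schemes on constructed input and return the observations."""
    user, ip = "alice", "192.0.2.10"  # constructed sample values
    leaked = weak_token(user, ip)
    sess = new_session_secret()
    tok = hardened_token(sess, user, issued_at=1_000)
    return {
        # weak: still accepted indefinitely, only an IP change stops it
        "weak_accepted_any_time": weak_check(leaked, user, ip),
        "weak_rejected_after_ip_change": not weak_check(leaked, user, "192.0.2.11"),
        # hardened: accepted while fresh, rejected when stale or cross-session
        "hardened_fresh": hardened_check(tok, sess, user, now=1_500),
        "hardened_expired": not hardened_check(tok, sess, user, now=5_000),
        "hardened_other_session": not hardened_check(tok, new_session_secret(), user, now=1_500),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point of the contrast is the validation side: in the weak scheme there is simply no field for the verifier to age out, so a leaked token is revoked only by the user changing address. The hardened verifier refuses anything older than `max_age` and anything minted under a different session secret, which is the property the summary of this bug (tokens did not expire) is about.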