Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
Max CVSS
6.8
EPSS Score
0.17%
Published
2015-11-25
Updated
2019-12-17
1 vulnerabilities found