Vulnerability Details : CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Vulnerability category: Cross-site request forgery (CSRF)
Threat overview for CVE-2019-10353
Top countries where our scanners detected CVE-2019-10353
Top open port discovered on systems with this issue 80
IPs affected by CVE-2019-10353 5,853
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2019-10353!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2019-10353
Probability of exploitation activity in the next 30 days: 0.19%
CVSS scores for CVE-2019-10353
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2019-10353
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by:
- email@example.com (Secondary)
- firstname.lastname@example.org (Primary)
References for CVE-2019-10353
oss-security - Multiple vulnerabilities in JenkinsMailing List;Third Party Advisory
RHSA-2019:2503 - Security Advisory - Red Hat Customer Portal
RHSA-2019:2548 - Security Advisory - Red Hat Customer Portal
Jenkins Multiple Security Vulnerabilities
Jenkins Security Advisory 2019-07-17Vendor Advisory