CVE-2019-10353: Cross-Site Request Forgery (CSRF)

July 17, 2019 (updated July 26, 2019)

CSRF tokens in Jenkins did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.

References

jenkins.io/security/advisory/2019-07-17/
nvd.nist.gov/vuln/detail/CVE-2019-10353

Detect and mitigate CVE-2019-10353 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →