CVE-2019-10384: Cross-Site Request Forgery (CSRF)
(updated )
Jenkins allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
References
Detect and mitigate CVE-2019-10384 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →