CVE-2019-10384: Cross-Site Request Forgery (CSRF)

August 28, 2019 (updated September 20, 2019)

Jenkins allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

References

jenkins.io/security/advisory/2019-08-28/
nvd.nist.gov/vuln/detail/CVE-2019-10384

Code Behaviors & Features

Detect and mitigate CVE-2019-10384 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →