CVE-2016-0791
CVSS v3.0: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
EPSS: 0.72 % (81st)
Affected Products: 2
Advisories: 3
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
Weaknesses
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2016-04-07 23:59:02 (8 years ago)
- Updated Date: 2018-01-05 02:30:30 (6 years ago)