CVE-2016-0791 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-0791 PUBLISHED CVSS 7.5 HIGH

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.

EPSS 0.47% · 64.3th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

0.47%

64.3th percentile

Affected Products

Vendor	Product	Versions
redhat	openshift	3.1
n/a	n/a	n/a
Maven	org.jenkins-ci.main:jenkins-core	0
jenkins	jenkins	0, 1.642.1

Timeline

Apr 7, 2016 CVE Published
Jan 5, 2018 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

RHSA-2016:0711 vendor-advisory
RHSA-2016:1773 vendor-advisory
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 url
https://nvd.nist.gov/vuln/detail/CVE-2016-0791 advisory

Open in Interactive Console →