https://bugzilla.redhat.com/show_bug.cgi?id=1747297
--- Doc Text *updated* by Eric Christensen <sparks(a)redhat.com> ---
A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated
web session ID, resulting in CSRF tokens that did not expire and could be used to bypass
CSRF protection for the anonymous user. The highest threat from this vulnerability is to
data confidentiality and integrity.
--
You are receiving this mail because:
You are on the CC list for the bug.