Wherever possible, do not use it to allow bypassing CSRF protection. Since Jenkins 2.96, requests using Basic authentication providing an API token do not need ...
Responses to POST requests that do not set a CSRF crumb/token may in very rare cases change in unexpected ways due to the fix for SECURITY-1774.
https://jenkins.io. Description: Allows tweaking ... Restore the ability to disable CSRF protection after the UI for doing so was removed from Jenkins 2.222.
... CSRF token (crumb) since Jenkins 2.96. To disable ... Learn more: https://jenkins.io/redirect/stapler-facet-restrictions ... jenkins.security.stapler.
Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). ... Remote code execution via CSRF protection bypass ... Content-Security- ...
May 12, 2024 · Add a new Reply URL https://{your_jenkins_host}/ ... io/doc/book/security/access-control/disable/) ... CSRF protection for any URL can be bypassed.
Aug 16, 2023 · Descriptions. CSRF vulnerability in Folders Plugin may approve unsandboxed scripts. SECURITY-3106 / CVE-2023-40336. Severity (CVSS): High
Authentication (users prove who they are) is done using a security realm. The security realm determines user identity and group memberships.
Jul 12, 2023 · mabl Plugin 0.0.47 defines the appropriate context for credentials lookup. CSRF vulnerability and missing permission checks in mabl Plugin allow ...
Sep 6, 2023 · Description: Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict a name query parameter when rendering a history ...