Launch Week Day 1: Announcing Security Design Review
Start for Free
LOW 3.5 Maven

Jenkins has a CSRF vulnerability on the login form

GHSA-6837-qgrc-x5p6 · BIT-jenkins-2025-67639 · CVE-2025-67639

Published · Modified

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes