Security
Headlines

Headlines Latest CVEs

Headline

GHSA-6837-qgrc-x5p6: Jenkins has a CSRF vulnerability on the login form

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker’s account.

5 days ago

#csrf #vulnerability #git #java #intel #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67639

Jenkins has a CSRF vulnerability on the login form

Low severity GitHub Reviewed Published Dec 10, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025

Package

maven org.jenkins-ci.main:jenkins-core (Maven)

Affected versions

>= 2.529, < 2.541

< 2.528.3

Patched versions

2.541

2.528.3

Description

Published to the GitHub Advisory Database

Dec 10, 2025

Last updated

Dec 10, 2025

EPSS score

ghsa: Latest News

GHSA-vx9q-rhv9-3jvg: aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

2 days ago

GHSA-3jp5-5f8r-q2wg: Vuetify has a Prototype Pollution vulnerability

2 days ago

GHSA-9w3x-85mw-4fwm: Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

2 days ago

GHSA-m5gv-vj3f-6v2p: Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

2 days ago

GHSA-55jh-84jv-8mx8: Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

2 days ago