{"id":"CVE-2019-10315","details":"Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.","aliases":["GHSA-phwv-crgp-9r69"],"modified":"2026-04-10T04:13:05.785006Z","published":"2019-04-30T13:29:05.813Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/108159"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/30/5"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/github-oauth-plugin","events":[{"introduced":"0"},{"last_affected":"33b46703ddbbacbe4c3c607cdb59df2c801e92c8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.31"}]}}],"versions":["github-oauth-0.12","github-oauth-0.13","github-oauth-0.13.1","github-oauth-0.14","github-oauth-0.15","github-oauth-0.16","github-oauth-0.17","github-oauth-0.18","github-oauth-0.19","github-oauth-0.20","github-oauth-0.21","github-oauth-0.21.1","github-oauth-0.21.2","github-oauth-0.22","github-oauth-0.22.1","github-oauth-0.22.2","github-oauth-0.22.3","github-oauth-0.23","github-oauth-0.24","github-oauth-0.25","github-oauth-0.26","github-oauth-0.27","github-oauth-0.28","github-oauth-0.28.1","github-oauth-0.31"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10315.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}