An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ycjZyLXA3cnctMzY5Y84AATfz

Session Fixation in Jenkins

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/ that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-rr6r-p7rw-369c, CVE-2018-1000409
References: Repository:
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: >= 2.140, <= 2.145, <= 2.138.1
Fixed in: 2.146, 2.138.2