
CVE-2014-2060 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.532.2 || >=1.533 <1.551

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00086 (percentile 0.25713)

Details

Jenkins allows Remote Attackers to Hijack Sessions

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.

Metadata

Created: 2022-05-17T03:53:55Z
Modified: 2025-03-13T19:17:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9c26-cf8c-mw43/GHSA-9c26-cf8c-mw43.json
CWE IDs: []
Alternative ID: GHSA-9c26-cf8c-mw43
Finding: F280
Auto approve: 1