CVE-2014-2066 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.533 <1.551 || >=0 <1.532.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00151 (percentile: 0.36365)
Details
Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
Metadata
Created: 2022-05-17T03:53:42Z
Modified: 2024-03-05T14:37:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8jfx-h6q2-v4g3/GHSA-8jfx-h6q2-v4g3.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-8jfx-h6q2-v4g3
Finding: F039
Auto approve: 1