CVE-2014-9634 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.586
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00328 (percentile: 0.55023)
Details
Jenkins secure flag not set on session cookies
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
Metadata
Created: 2022-05-17T00:50:18Z
Modified: 2024-01-30T23:17:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g7cf-wg27-qw87/GHSA-g7cf-wg27-qw87.json
CWE IDs: []
Alternative ID: GHSA-g7cf-wg27-qw87
Finding: F042
Auto approve: 1