logo

Database

Session Fixation In org.jenkins-ci.plugins:plugin

Description

Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-103712. NVD-2019-103713. OSV-2019-103714. GHSA-682g-c99v-9r2g5. GCVE-2019-10371

References

1. https://jenkins.io/security/advisory/2019-08-07/#SECURITY-7952. http://www.openwall.com/lists/oss-security/2019/08/07/13. https://github.com/jenkinsci/gitlab-oauth-plugin/commit/695ce63fddb3567cf8d87339ddc1fa3b67ae2db8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.