Launch Week Day 1: Announcing Security Design Review

Jenkins allows Remote Attackers to Hijack Sessions

GHSA-9c26-cf8c-mw43 · CVE-2014-2060

Published May 17, 2022 · Modified Mar 13, 2025

Description

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes