Jenkins session fixation vulnerability

GHSA-8jfx-h6q2-v4g3 · CVE-2014-2066

Published May 17, 2022 · Modified Dec 3, 2024

Description

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-2066
WEB https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
WEB http://www.openwall.com/lists/oss-security/2014/02/21/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes