Description
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Packages
Name: org.jenkins-ci.plugins:gitlab-oauth (maven)
Affected versions: <= 1.4
Fixed version: 1.5
Related vulnerabilities
CVSS3: 7.5
nvd
more than 6 years ago
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.