Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rr6r-p7rw-369c

Опубликовано: 14 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Session Fixation in Jenkins

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven
Затронутые версииВерсия исправления

<= 2.138.1

2.138.2

Наименование

org.jenkins-ci.main:jenkins-core

maven
Затронутые версииВерсия исправления

>= 2.140, <= 2.145

2.146

EPSS

Процентиль: 22%
0.00073
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-1000409

Дефекты

CWE-384

Связанные уязвимости

redhat логотип

CVE-2018-1000409

CVSS3: 5.4
redhat
больше 7 лет назад

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

nvd логотип

CVE-2018-1000409

CVSS3: 5.4
nvd
около 7 лет назад

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

debian логотип

CVE-2018-1000409

CVSS3: 5.4
debian
около 7 лет назад

A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...

EPSS

Процентиль: 22%
0.00073
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-1000409

Дефекты

CWE-384