Description
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | jenkins | Will not fix | | |
| Red Hat OpenShift Enterprise 2.1 | jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | jenkins-plugin-openshift | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-cartridge-jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
Additional information
Status:
Moderate
Defect:
CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1067827 jenkins: session fixation issue (SECURITY-75)
4.3 Medium
CVSS2
Related vulnerabilities
ubuntu
more than 11 years ago
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
nvd
more than 11 years ago
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
debian
more than 11 years ago
Session fixation vulnerability in Jenkins before 1.551 and LTS before ...