Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000409

Опубликовано: 10 окт. 2018
Источник: redhat
CVSS3: 5.4

Описание

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.10jenkinsWill not fix
Red Hat OpenShift Container Platform 3.4jenkinsWill not fix
Red Hat OpenShift Container Platform 3.5jenkinsWill not fix
Red Hat OpenShift Container Platform 3.6jenkinsWill not fix
Red Hat OpenShift Container Platform 3.7jenkinsWill not fix
Red Hat OpenShift Container Platform 3.9jenkinsWill not fix
Red Hat OpenShift Container Platform 4jenkinsNot affected
Red Hat OpenShift Container Platform 3.11atomic-enterprise-service-catalogFixedRHBA-2018:374312.12.2018
Red Hat OpenShift Container Platform 3.11atomic-openshiftFixedRHBA-2018:374312.12.2018
Red Hat OpenShift Container Platform 3.11atomic-openshift-cluster-autoscalerFixedRHBA-2018:374312.12.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1642885jenkins: Session fixation vulnerability on user signup

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1000409

CVSS3: 5.4
nvd
около 7 лет назад

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

debian логотип

CVE-2018-1000409

CVSS3: 5.4
debian
около 7 лет назад

A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...

github логотип

GHSA-rr6r-p7rw-369c

CVSS3: 5.4
github
больше 3 лет назад

Session Fixation in Jenkins

5.4 Medium

CVSS3