Description
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Remediation
References
http://www.securityfocus.com/bid/106532
https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158
Related Vulnerabilities
CVE-2021-41086 Vulnerability in npm package jsuites
CVE-2020-5258 Vulnerability in maven package org.webjars:dojo
CVE-2022-31129 Vulnerability in maven package org.webjars.npm:moment
CVE-2016-10568 Vulnerability in npm package geoip-lite-country
CVE-2021-29442 Vulnerability in maven package com.alibaba.nacos:nacos-common