Description
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
Remediation
References