Description

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

Remediation

References

CVE-2014-2066

Related Vulnerabilities

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345)

Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1048)

WordPress Plugin SAML SP Single Sign On-SSO login Unspecified Vulnerability (4.8.70)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.07)

Oracle Database Server SYS Account privilege issue (CVE-2021-2000)

Severity

Medium

Classification

CVE-2014-2066 CWE-287

Tags

Missing Update Known Vulnerabilities