Description

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

Remediation

References

CVE-2014-2066

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.9.15)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Vulnerabilities (1.3.7)

WordPress Plugin WP-SendSMS Cross-Site Request Forgery (1.0)

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19435)

Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)

Severity

Medium

Classification

CVE-2014-2066 CWE-287

Tags

Missing Update Known Vulnerabilities