Description

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

Remediation

References

CVE-2014-2066

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2000-0246)

WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)

Jboss EAP CVE-2012-5626 Vulnerability (CVE-2012-5626)

ownCloud Other Vulnerability (CVE-2014-2054)

PHP DEPRECATED: Code Vulnerability (CVE-2014-9426)

Severity

Medium

Classification

CVE-2014-2066 CWE-287

Tags

Missing Update Known Vulnerabilities