Description
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java: Jenkins did not invalidate the existing session and create a new one when a user signed up for a new user account.