Description
Jenkins 2.299 and earlier, and LTS 2.289.1 and earlier, do not invalidate the previous session on login.
Remediation
References