Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Session Fixation Vulnerability (CVE-2021-21671)

Description

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

Remediation

References

Related Vulnerabilities

CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2176)

WordPress Plugin Import Social Events Cross-Site Scripting (1.6.6)

WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6)

Oracle JRE CVE-2014-0456 Vulnerability (CVE-2014-0456)

Severity

High

Classification

CVE-2021-21671 CWE-384 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities