Description
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
Remediation
References