Description
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Remediation
References
Related Vulnerabilities
LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)
Apache Tomcat version older than 6.0.16
Drupal Core 8.9.x Arbitrary File Overwrite (8.9.0 - 8.9.12)
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.2)