CVE-2014-2066
EPSS 0.14%Jenkins session fixation vulnerability
Published: 5/17/2022Modified: 12/3/2024
Description
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.533, < 1.551
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-2066
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttps://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
- WEBhttp://www.openwall.com/lists/oss-security/2014/02/21/2