Session Fixation Vulnerability in Jenkins

Session Fixation Vulnerability in Jenkins

CVE-2018-1000409 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Learn more about our User Device Pen Test.