Session Fixation Vulnerability in Jenkins
CVE-2018-1000409 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:N
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Learn more about our User Device Pen Test.