vulnerability

Jenkins Advisory CVE-2014-9634: Session Cookie Security Bypass via secure flag

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2017-09-12
Added
2018-04-25
Modified
2024-11-27

Description

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

Solution

jenkins-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.