vulnerability

Red Hat OpenShift: CVE-2018-1000409: jenkins: Session fixation vulnerability on user signup

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jan 9, 2019
Added
Apr 15, 2019
Modified
Aug 11, 2025

Description

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.

Solution

linuxrpm-upgrade-jenkins

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today