Description

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

Remediation

References

CVE-2014-2066

Related Vulnerabilities

WordPress Plugin Profile Builder Pro SQL Injection (3.3.2)

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Cross-Site Request Forgery Vulnerabilities (2.8)

WordPress Plugin jQuery Tagline Rotator Cross-Site Scripting (0.1.5)

e107 Other Vulnerability (CVE-2007-3429)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)

Severity

Medium

Classification

CVE-2014-2066 CWE-287

Tags

Missing Update Known Vulnerabilities