Lucene search
GoogleOSV:GHSA-G7CF-WG27-QW87HistoryMay 17, 2022 - 12:50 a.m.
Jenkins secure flag not set on session cookies
2022-05-1700:50:18
Google
osv.dev
2
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
References
www.openwall.com/lists/oss-security/2015/01/22/3
www.securityfocus.com/bid/72054
bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682
bugzilla.redhat.com/show_bug.cgi?id=1185148
github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710
issues.jenkins-ci.org/browse/JENKINS-25019
jenkins.io/changelog-old
nvd.nist.gov/vuln/detail/CVE-2014-9634
Related
cve
cve
CVE-2014-9634
2017-09-12 14:29:00
cvelist
cvelist
CVE-2014-9634
2017-09-12 14:00:00
prion
prion
Session fixation
2017-09-12 14:29:00
ubuntucve
ubuntucve
CVE-2014-9634
2017-09-12 00:00:00
nvd
nvd
CVE-2014-9634
2017-09-12 14:29:00
github
github
Jenkins secure flag not set on session cookies
2022-05-17 00:50:18
nessus
nessus
Jenkins < 1.565.3 / 1.586 Multiple Vulnerabilities
2015-06-03 00:00:00
openvas
openvas
Jenkins < 1.586 Multiple Vulnerabilities - Windows
2022-09-01 00:00:00
Jenkins < 1.586 Multiple Vulnerabilities - Linux
2022-09-01 00:00:00