3 matches found
Jenkins < 1.586 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1186 more potentially affected by CVE-2014-9635 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.585)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2014-9635 Source advisory: OSV:GHSA-7F6W-FHMR-J8HQ...
CVE-2014-9635
CVE-2014-9635 affects Jenkins before 1.586. The issue is that the application does not set the HttpOnly flag in Set-Cookie headers for session cookies when run on Tomcat 7.0.41+; this can allow remote attackers to access cookies via scripts and potentially obtain sensitive information. The cited ...