Lucene search

Veracode Vulnerability DatabaseVERACODE:14780

HistoryMay 02, 2019 - 4:55 a.m.

Session Hijacking

2019-05-0204:55:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

jenkins is vulnerable to session hijacking. The vulnerability exists in the winstone servlet container.

CPENameOperatorVersion
openshift-origin-cartridge-jenkinseq1.20.3.4__1.el6op
openshift-origin-cartridge-jenkinseq1.20.3.3__1.el6op
openshift-origin-cartridge-jenkinseq1.9.8__1.el6op
openshift-origin-cartridge-jenkinseq1.16.1__2.el6op
jenkins-plugin-openshifteq0.6.25__1.el6op
jenkins-plugin-openshifteq0.6.19__0.el6op
jenkins-plugin-openshifteq0.6.28__1.el6op
jenkins-plugin-openshifteq0.6.5__0.el6op
jenkins-plugin-openshifteq0.6.16__0.el6op
jenkins-plugin-openshifteq0.6.37.1__0.el6op

Name	Operator	Version
openshift-origin-cartridge-jenkins	eq	1.20.3.4__1.el6op
openshift-origin-cartridge-jenkins	eq	1.20.3.3__1.el6op
openshift-origin-cartridge-jenkins	eq	1.9.8__1.el6op
openshift-origin-cartridge-jenkins	eq	1.16.1__2.el6op
jenkins-plugin-openshift	eq	0.6.25__1.el6op
jenkins-plugin-openshift	eq	0.6.19__0.el6op
jenkins-plugin-openshift	eq	0.6.28__1.el6op
jenkins-plugin-openshift	eq	0.6.5__0.el6op
jenkins-plugin-openshift	eq	0.6.16__0.el6op
jenkins-plugin-openshift	eq	0.6.37.1__0.el6op

Rows per page:

1-10 of 341

References

www.openwall.com/lists/oss-security/2014/02/21/2

access.redhat.com/security/cve/CVE-2013-5573

access.redhat.com/security/cve/CVE-2013-6372

access.redhat.com/security/cve/CVE-2013-7330

access.redhat.com/security/cve/CVE-2014-2059

access.redhat.com/security/cve/CVE-2014-2060

access.redhat.com/security/cve/CVE-2014-2061

access.redhat.com/security/cve/CVE-2014-2062

access.redhat.com/security/cve/CVE-2014-2063

access.redhat.com/security/cve/CVE-2014-2064

access.redhat.com/security/cve/CVE-2014-2065

access.redhat.com/security/cve/CVE-2014-2066

access.redhat.com/security/cve/CVE-2014-2067

access.redhat.com/security/cve/CVE-2014-2068

access.redhat.com/security/cve/CVE-2014-3661

access.redhat.com/security/cve/CVE-2014-3662

access.redhat.com/security/cve/CVE-2014-3663

access.redhat.com/security/cve/CVE-2014-3664

access.redhat.com/security/cve/CVE-2014-3665

access.redhat.com/security/cve/CVE-2014-3666

access.redhat.com/security/cve/CVE-2014-3667

access.redhat.com/security/cve/CVE-2014-3678

access.redhat.com/security/cve/CVE-2014-3681

bugzilla.redhat.com/show_bug.cgi?id=1127667

rhn.redhat.com/errata/RHBA-2014-1630.html

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:14780