[MAVEN:GHSA-G7CF-WG27-QW87] Jenkins secure flag not set on session cookies
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.main/jenkins-core | < 1.586 |

Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.main/jenkins-core | = 1.586 |

- ID: MAVEN:GHSA-G7CF-WG27-QW87
- Severity: moderate
- URL: https://github.com/advisories/GHSA-g7cf-wg27-qw87
- Published: 2022-05-17T00:50:18 (2 years ago)
- Modified: 2024-01-30T23:18:43 (7 months ago)
- Rights: Maven Security Team

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | < 1.586 | | | |
Fixed | pkg:maven/org.jenkins-ci.main/jenkins-core | org.jenkins-ci.main | jenkins-core | = 1.586 | | | |