CVE-2021-21671

Session Fixation in maven/org.jenkins-ci.main/jenkins-core

Identifier

CVE-2021-21671

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Session Fixation

Description

Jenkins does not invalidate the previous session on login.

Affected Versions

All versions starting from 2.266 before 2.300

Solution

Upgrade to version 2.300 or above.

Last Modified

2021-07-08

source