CVE-2019-10371

Session Fixation in maven/org.jenkins-ci.plugins/plugin

Identifiers

GHSA-682g-c99v-9r2g, CVE-2019-10371

Package Slug

maven/org.jenkins-ci.plugins/plugin

Vulnerability

Session Fixation

Description

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

Affected Versions

All versions up to 1.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-06

source