Description
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Remediation
References
https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158
http://www.securityfocus.com/bid/106532
Related Vulnerabilities
CVE-2022-25598 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler
CVE-2023-47320 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war
CVE-2017-1000391 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard