Description
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Remediation
References
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-795
http://www.openwall.com/lists/oss-security/2019/08/07/1
Related Vulnerabilities
CVE-2023-32984 Vulnerability in maven package org.jenkins-ci.plugins:testng-plugin
CVE-2023-25194 Vulnerability in maven package org.apache.kafka:kafka-clients
CVE-2023-29528 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2021-29442 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2017-1000502 Vulnerability in maven package org.jenkins-ci.plugins:ec2