Description
Jenkins 2.218 and earlier, and LTS 2.204.1 and earlier, exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
MySQL CVE-2018-2758 Vulnerability (CVE-2018-2758)
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)