Description
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Remediation
References
Related Vulnerabilities
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)
Atlassian Jira CVE-2019-20410 Vulnerability (CVE-2019-20410)
WordPress Plugin WP to Twitter Authorization Bypass (2.9.3)
MySQL Improper Input Validation Vulnerability (CVE-2009-4028)