Jenkins Session Fixation Vulnerability - CVE-2018-1000409 - Vulnerability Database

Jenkins Session Fixation Vulnerability - CVE-2018-1000409

Medium
Reference: CVE-2018-1000409
Title: Jenkins Session Fixation Vulnerability
Overview:

A session fixation vulnerability exists in Jenkins 2.145 and earlier LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.