CVE-2014-2066
Jenkins session fixation vulnerability
EPSS 0.14%
Description
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
How to fix CVE-2014-2066
To remediate CVE-2014-2066, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.551 or later
Is CVE-2014-2066 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.533, < 1.551