Back to bug 2222709
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Zack Miele | 2023-07-13 14:28:42 UTC | CC | | dfreiber, jburrell, rogbas, vkumar |
| Zack Miele | 2023-07-13 14:28:42 UTC | Blocks | | 2222712 |
| Zack Miele | 2023-07-13 14:29:38 UTC | Summary | CVE-2023-37946 Jenkins: Session fixation vulnerability in OpenShift Login Plugin | TRIAGE-CVE-2023-37946 Jenkins: Session fixation vulnerability in OpenShift Login Plugin |
| Zack Miele | 2023-07-13 14:29:38 UTC | Alias | CVE-2023-37946 | TRIAGE-CVE-2023-37946 |
| Avinash Hanwate | 2023-07-17 07:39:38 UTC | Alias | TRIAGE-CVE-2023-37946 | CVE-2023-37946 |
| Avinash Hanwate | 2023-07-17 07:39:38 UTC | Doc Text | | A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions, caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain administrator access to Jenkins. |
| Avinash Hanwate | 2023-07-17 07:40:48 UTC | Summary | TRIAGE-CVE-2023-37946 Jenkins: Session fixation vulnerability in OpenShift Login Plugin | CVE-2023-37946 Jenkins: Session fixation vulnerability in OpenShift Login Plugin |
| RaTasha Tillery-Smith | 2023-07-17 13:53:52 UTC | Doc Text | A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions, caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain administrator access to Jenkins. | A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins. |