A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jenkins | Jenkins | * | 2.138.1 (including) |
| Jenkins | Jenkins | * | 2.145 (including) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-enterprise-service-catalog-1:3.11.51-1.git.1671.2d16650.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-0:3.11.51-1.git.0.1560686.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-cluster-autoscaler-0:3.11.51-1.git.0.0aa9fc2.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-descheduler-0:3.11.51-1.git.300.89070e8.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-dockerregistry-0:3.11.51-1.git.446.d29ce0e.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-metrics-server-0:3.11.51-1.git.52.03e3a91.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-node-problem-detector-0:3.11.51-1.git.254.22189b0.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-service-idler-0:3.11.51-1.git.14.813574a.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-web-console-0:3.11.51-1.git.324.0ae64ed.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | cri-o-0:1.11.10-1.rhaos3.11.git42c86f0.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-openshift-oauth-proxy-0:3.11.51-1.git.419.1af74df.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-alertmanager-0:3.11.51-1.git.0.50a0687.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-node_exporter-0:3.11.51-1.git.1063.12dd8be.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-prometheus-0:3.11.51-1.git.5023.0ad933c.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.138.2.1542054911-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1542061886-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | kibana-0:5.6.13-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.51-2.git.0.51c90a3.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-autoheal-0:3.11.51-1.git.219.8ea4275.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-cluster-capacity-0:3.11.51-1.git.380.ffa21af.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-monitor-project-lifecycle-0:3.11.51-1.git.59.7b59e29.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-monitor-sample-app-0:3.11.51-1.git.5.f6d0188.el7 | * |
Such a scenario is commonly observed when: