CVE-2014-2066

EPSS 0.14%
Published 17.10.2014 15:55:05
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version <= 1.532.1

Jenkins ≫ Jenkins Version <= 1.550

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.347

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/02/21/2

https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-2066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2066

EUVD