CVE-2019-1003019

CWE-3845 documents5 sources

Severity

5.9MEDIUM

EPSS

0.0%

top 90.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Github Oauth Jenkins Project Jenkins Github Authentication Plugin

Timeline

PublishedFeb 6

Latest updateMay 13

Description

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_github_authentication_plugin0.29 and earlier

▶Mavenorg.jenkins-ci.plugins:github-oauth< 0.31

▶NVDjenkins/github_oauth0.29

🔴Vulnerability Details

OSV

GitHub Authentication Plugin session fixation vulnerability↗2022-05-13

▶

GHSA

GitHub Authentication Plugin session fixation vulnerability↗2022-05-13

▶

CVEList

CVE-2019-1003019: An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0↗2019-02-06

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-01-28↗2019-01-28

▶