CVE-2021-21671 — Session Fixation in Project Jenkins
Severity
7.5HIGHNVD
EPSS
0.3%
top 49.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 30
Latest updateMay 24
Description
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9