CVE-2019-1003019: Session Fixation

May 13, 2022 (updated January 9, 2024)

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

References

github.com/advisories/GHSA-mcqx-wc2j-qx9v
github.com/jenkinsci/github-oauth-plugin/commit/3fcc367022c58486e5f52def3edbac92ed258ba4
jenkins.io/security/advisory/2019-01-28/
nvd.nist.gov/vuln/detail/CVE-2019-1003019

Code Behaviors & Features

Detect and mitigate CVE-2019-1003019 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →