CVE-2019-1003019

Summary

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins GitHub Authentication Plugin0.29 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References