| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.533, < 1.551 | 1.551 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.532.2 | 1.532.2 |
The commit diff explicitly shows that the vulnerability stemmed from missing session invalidation in the `onSuccessfulAuthentication` method. Session fixation occurs when an attacker can force a user's session ID before authentication. Because Jenkins did not invalidate the session after login, the same session ID was kept after authentication, so an ID fixed before login remained valid once the user was logged in. The patch adds `session.invalidate()` to break this chain, confirming this method's role in the vulnerability.
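To make the property concrete, here is an added example in Python (not Jenkins code and not the commit in question): a toy in-memory session store standing in for the servlet container's `HttpSession`, a login handler that keeps whatever session ID the browser presented, a second one that invalidates that session and issues a fresh ID as the patch does, and a regression check that reports whether a session ID established before login still carries the authenticated user afterwards. All names are assumptions made for the illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for this example).

    Maps a session ID to a dict of attributes, like a servlet HttpSession.
    """

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, session_id):
        # Reuse a presented ID if it is known; otherwise mint a fresh one.
        if session_id is None or session_id not in self.sessions:
            session_id = secrets.token_hex(16)
            self.sessions[session_id] = {}
        return session_id

    def invalidate(self, session_id):
        self.sessions.pop(session_id, None)


def login_vulnerable(store, presented_id, user):
    # Pre-fix behaviour: the pre-authentication session is kept and simply
    # upgraded to an authenticated one, so its ID survives login.
    sid = store.get_or_create(presented_id)
    store.sessions[sid]["user"] = user
    return sid


def login_fixed(store, presented_id, user):
    # Patched behaviour: invalidate the pre-authentication session, then
    # create a brand-new session for the authenticated user.
    store.invalidate(presented_id)
    sid = store.get_or_create(None)
    store.sessions[sid]["user"] = user
    return sid


def pre_auth_session_id_reused(login):
    """Regression check: True if an ID known before login still
    identifies the authenticated user after login."""
    store = SessionStore()
    pre_auth_id = store.get_or_create(None)   # ID established before login
    login(store, pre_auth_id, "alice")
    return store.sessions.get(pre_auth_id, {}).get("user") == "alice"
```

Run `pre_auth_session_id_reused` against each handler to confirm the fixed one no longer honours the pre-authentication ID.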