-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing session invalidation during authentication. The GitHub commit 11ae476 shows the fix adds session ID rotation (request.changeSessionId()) in doFinishLogin method. This indicates the original implementation lacked session fixation protection by not resetting the session after authentication. The method handles OAuth login completion and session creation, making it the logical point where session management should occur.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:keycloak | maven | <= 2.3.0 | 2.3.1 |
JavaJavaOngoing coverage of React2Shell