Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371 https://github.com/jenkinsci/jenkins/commit/25a42f3942fd9f8bd768c887c679dbc796b4fcd5