Jenkins 2299 and earlier does not invalidate the existing session on login This allows attackers to use social engineering techniques to gain administrator access to Jenkins Jenkins 2300 invalidates the existing session on login ...
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software
The following releases contain fixes for security vulnerabilities:
* Jenkins 2300
* Jenkins LTS 22892
* CAS Plugin 161
* requests-plugin 227, 228, and 2213
* Selenium HTML report Plugin 11
Summari ...