[JENKINS-24840] Session cookie not set with HttpOnly flag

Type: Improvement
Resolution: Duplicate
Priority: Minor
Component/s: core
Labels:
- security

Similar Issues:
Powered by SuggestiMate

Show

The session cookie does not have HttpOnly flag set, so a malicious script could use it to forge a XSS attack. This isn't a direct security issue, as jenkins prevent arbitrary script to be included, just would offer a a second line of defense in case another security issue is detected.

duplicates

JENKINS-27277 ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie no HttpOnly flag

Resolved

Nicolas De Loof created issue - 2014-09-24 08:20

Jesse Glick made changes - 2014-09-24 12:40

Labels

New: security

R. Tyler Croy made changes - 2016-07-25 23:51

Workflow

Original: JNJira [ 158070 ]

New: JNJira + In-Review [ 179720 ]

Jesse Glick made changes - 2016-11-23 17:44

Link

New: This issue duplicates ~~JENKINS-27277~~ [ ~~JENKINS-27277~~ ]

Jesse Glick made changes - 2016-11-23 17:44

Resolution		New: Duplicate [ 3 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Assignee:: Unassigned

Reporter:: Nicolas De Loof

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2014-09-24 08:20

Updated:: 2016-11-23 17:44

Resolved:: 2016-11-23 17:44

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates