- Bug
- Resolution: Fixed
- Minor
- None
Jenkins' remember me cookie (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE) is set without the HttpOnly flag.
Both the JSESSIONID and the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookies can be used interchangeably to access the application.
- is duplicated by
  - JENKINS-24840 Session cookie not set with HttpOnly flag
  - Resolved
[JENKINS-27277] ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie no HttpOnly flag
Link | New: This issue is blocking SECURITY-120 [ SECURITY-120 ] |
Status | Original: Untriaged [ 10001 ] | New: Open [ 1 ] |
Component/s | New: core [ 15593 ] | |
Component/s | Original: core [ 15738 ] | |
Key | Original: | New: |
Project | Original: Security Issues [ 10180 ] | New: Jenkins [ 10172 ] |
Workflow | Original: Security v1.2 [ 161097 ] | New: JNJira [ 161481 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Workflow | Original: JNJira [ 161481 ] | New: JNJira + In-Review [ 196639 ] |
Link | New: This issue is duplicated by |
Link | New: This issue is duplicated by SECURITY-502 [ SECURITY-502 ] |