Jenkins / JENKINS-27277

ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie no HttpOnly flag

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
      Description

      Jenkins' remember me cookie (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE) is set without the HttpOnly flag.

      Both the JSESSIONID and the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookies can be used interchangeably to access the application.
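
A defender-side check for the condition described above, as an added example that is not part of the original issue or Jenkins' own code: it parses Set-Cookie header values and reports the two session-equivalent cookies named in the description when they are set without HttpOnly. The header values are constructed samples, and the function names are hypothetical.

```python
# Cookies the issue description says can each be used to access the application.
SESSION_EQUIVALENT = {"JSESSIONID", "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE"}

# Constructed sample Set-Cookie values (placeholders, not captured Jenkins output).
SAMPLE_HEADERS = [
    "JSESSIONID=placeholder-session-id; Path=/; HttpOnly",
    "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=placeholder-token; Path=/; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "ui_pref=compact; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def missing_httponly(headers, names=SESSION_EQUIVALENT):
    """Return sorted names of watched cookies that are set without HttpOnly."""
    findings = set()
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in names:
            continue
        # A cookie being cleared (Max-Age=0) carries no usable credential.
        if attrs.get("max-age") == "0":
            continue
        if "httponly" not in attrs:
            findings.add(name)
    return sorted(findings)


if __name__ == "__main__":
    for cookie in missing_httponly(SAMPLE_HEADERS):
        print(f"{cookie}: set without HttpOnly, readable from page script")
```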

            Activity

            _ikki Luca Carettoni created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue is blocking SECURITY-120 [ SECURITY-120 ]
            jglick Jesse Glick made changes -
            Status Untriaged [ 10001 ] Open [ 1 ]
            kohsuke Kohsuke Kawaguchi made changes -
            Component/s core [ 15593 ]
            Component/s core [ 15738 ]
            Key SECURITY-178 JENKINS-27277
            Project Security Issues [ 10180 ] Jenkins [ 10172 ]
            Workflow Security v1.2 [ 161097 ] JNJira [ 161481 ]
            scm_issue_link SCM/JIRA link daemon made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 161481 ] JNJira + In-Review [ 196639 ]
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-24840 [ JENKINS-24840 ]
            danielbeck Daniel Beck made changes -
            Link This issue is duplicated by SECURITY-502 [ SECURITY-502 ]

              People

              Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              _ikki Luca Carettoni
              Votes:
              0
              Watchers:
              4
