Total vulnerabilities in the database
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
| Software | From | Fixed in |
|---|---|---|
| jenkins / jenkins | - | 1.585.x |