Issue Type: Improvement
Assignee: Unassigned
Components: core
Created: 24/Sep/14 8:20 AM
Description:

The session cookie does not have the HttpOnly flag set, so a malicious script could use it to forge an XSS attack. This isn't a direct security issue, as Jenkins prevents arbitrary scripts from being included; it would just offer a second line of defense in case another security issue is detected.

Project: Jenkins
Priority: Minor
Reporter: Nicolas De Loof
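A way to check for the condition this issue describes, as an added example that is not part of the original report or of Jenkins itself: the script below scans raw HTTP response headers and lists session cookies sent without HttpOnly. The `JSESSIONID` name pattern and both sample responses are assumptions constructed for the example.

```python
import re

# Assumption: session cookies are named JSESSIONID, optionally followed by a
# per-instance suffix (e.g. JSESSIONID.1a2b3c4d). Adjust for other containers.
SESSION_NAME = re.compile(r"^JSESSIONID(\.[0-9A-Za-z]+)?$", re.IGNORECASE)


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive; flags carry no value.
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_headers(raw_headers):
    """Return the names of session cookies that lack the HttpOnly attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attrs = parse_set_cookie(value)
        if SESSION_NAME.match(name) and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID.1a2b3c4d=node0abc123; Path=/; "
    "Expires=Wed, 24 Sep 2014 10:00:00 GMT\r\n"
    "Set-Cookie: screenResolution=1920x1080; Path=/\r\n"
)
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "set-cookie: JSESSIONID.1a2b3c4d=node0abc123; Path=/; httponly\r\n"
)

if __name__ == "__main__":
    print("before:", audit_headers(SAMPLE_BEFORE))
    print("after: ", audit_headers(SAMPLE_AFTER))
```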