Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier, in SecurityRealm.java and TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2301 Vulnerability (CVE-2021-2301)
Django Resource Management Errors Vulnerability (CVE-2014-0474)
MySQL CVE-2021-2065 Vulnerability (CVE-2021-2065)
Oracle Database Server CVE-2011-0799 Vulnerability (CVE-2011-0799)
OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2023-0286)