Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, and 2.121.2 and earlier, in SecurityRealm.java and TokenBasedRememberMeServices2.java, that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Remediation
References
Related Vulnerabilities
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-10133)
WordPress Plugin Social Share Icons & Social Share Buttons Unspecified Vulnerability (1.4)
WordPress 3.8.3 Multiple Vulnerabilities (3.8 - 3.8.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5597)