Description
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
Remediation
References
Related Vulnerabilities
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7849)
WordPress Plugin WooCommerce Multiple Vulnerabilities (2.3.5)
WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)