Description
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, and LTS 2.150.1 and earlier, in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java. It allows attackers with Overall/RunScripts permission to craft Remember Me cookies that never expire, which can be used, for example, to persist access to temporarily compromised user accounts.
Remediation
References