Description

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.

Remediation

References

CVE-2019-1003003

Related Vulnerabilities

WordPress Plugin Video Downloader for TikTok Directory Traversal (1.3)

Oracle Database Server CVE-2008-0342 Vulnerability (CVE-2008-0342)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16893)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11813)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-6728)

Severity

High

Classification

CVE-2019-1003003 CWE-613 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities