Description
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wholesale Market for WooCommerce Directory Traversal (1.0.8)
WebLogic CVE-2020-14637 Vulnerability (CVE-2020-14637)
MySQL CVE-2020-14790 Vulnerability (CVE-2020-14790)
Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9418)