WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003004)

Description

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.

Remediation

References

CVE-2019-1003004

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.13.56)

Magento CVE-2020-9585 Vulnerability (CVE-2020-9585)

WordPress Plugin GA Universal Cross-Site Request Forgery (1.0)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)

Severity

High

Classification

CVE-2019-1003004 CWE-613 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities