Improper authorization vulnerability in Jenkins - CVE-2019-1003003 (rpm)ID: oval:org.secpod.oval:def:55916 | Date: (C)2019-07-04 (M)2023-12-02 |
Class: VULNERABILITY | Family: unix |
The host is installed with Jenkins LTS through 2.150.1 or Jenkins rolling release through 2.158 and is prone to an improper authorization vulnerability. The flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java. Successful exploitation could attackers with overall/runscripts permission to craft remember me cookies that would never expire.
Product: |
Jenkins LTS |
Jenkins rolling release |