Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier, in SecurityRealm.java and TokenBasedRememberMeServices2.java, that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Remediation
References
Related Vulnerabilities
WordPress Plugin Passster-Password Protection Security Bypass (3.5.5.8)
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)
WordPress Plugin Constant Contact Forms Cross-Site Scripting (1.8.7)
WordPress Plugin Loginizer Cross-Site Scripting (1.3.9)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2023-39456)