Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier, in SecurityRealm.java and TokenBasedRememberMeServices2.java. It allows attackers with a valid "Remember me" cookie to remain logged in even if that feature is disabled.
Remediation
References