Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier, in SecurityRealm.java and TokenBasedRememberMeServices2.java, that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Remediation
References