Description

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.

Remediation

References

CVE-2019-1003003

Related Vulnerabilities

PHP Other Vulnerability (CVE-2000-0967)

WordPress Plugin ChikunCount Arbitrary File Upload (1.3)

WordPress Plugin White Label CMS Cross-Site Scripting (2.2.8)

Oracle Database Server CVE-2006-0282 Vulnerability (CVE-2006-0282)

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (6.1.2)

Severity

High

Classification

CVE-2019-1003003 CWE-613 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities