CVE-2018-1999045

2018-08-23T18:29:00
ID CVE-2018-1999045
Type cve
Reporter cve@mitre.org
Modified 2019-05-08T22:23:00

Description

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.