Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
www.securityfocus.com/bid/107901
access.redhat.com/errata/RHBA-2019:1605
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6
jenkins.io/security/advisory/2019-04-10/#SECURITY-1289
nvd.nist.gov/vuln/detail/CVE-2019-1003049
www.oracle.com/security-alerts/cpuapr2022.html