Lucene search
Redhat.comRH:CVE-2019-1003003HistoryApr 09, 2020 - 10:33 a.m.
CVE-2019-1003003
2020-04-0910:33:33
redhat.com
access.redhat.com
4
0.003 Low
EPSS
Percentile
66.2%
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
Related
cve
cve
CVE-2019-1003003
2019-01-22 14:29:00
osv
osv
CVE-2019-1003003
2019-01-22 14:29:00
Improper Authorization in Jenkins Core
2022-05-13 01:05:22
veracode
veracode
Insecure Session Management
2019-05-16 03:24:10
cvelist
cvelist
CVE-2019-1003003
2019-01-22 14:00:00
github
github
Improper Authorization in Jenkins Core
2022-05-13 01:05:22
nvd
nvd
CVE-2019-1003003
2019-01-22 14:29:00
prion
prion
Authorization
2019-01-22 14:29:00
nessus
nessus
Jenkins < 2.150.2 LTS / 2.160 Multiple Vulnerabilities
2019-01-23 00:00:00
openvas
openvas
Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities - Linux
2019-01-23 00:00:00
Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities - Windows
2019-01-23 00:00:00