ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2019-1003003 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.15)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-1003003 Source advisory: OSV:GHSA-6RH5-23HX-J452...

Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities - Windows

Jenkins and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-1003003

CVE-2019-1003003 affects Jenkins Core prior to 2.159/2.150.1 LTS. The root cause is an improper authorization in TokenBasedRememberMeServices2.java, enabling attackers with Overall/RunScripts permission to craft Remember Me cookies that never expire, thereby persisting access to a temporarily com...