6 matches found
EUVD-2022-2908
Malicious code in bioql PyPI...
Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
Authentication flaw
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based...
Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities - Windows
Jenkins and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-1003004
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have...
CVE-2019-1003004
CVE-2019-1003004 affects Jenkins core (including 2.158 and earlier, LTS 2.150.1 and earlier) due to an improper authorization issue in AuthenticationProcessingFilter2.java that can extend an active HTTP session indefinitely, potentially for a user whose account was deleted. The connected records ...