[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Improper authorization vulnerability in Jenkins - CVE-2019-1003003 (dpkg)

ID: oval:org.secpod.oval:def:55920Date: (C)2019-07-04   (M)2023-12-02
Class: VULNERABILITYFamily: unix




The host is installed with Jenkins LTS through 2.150.1 or Jenkins rolling release through 2.158 and is prone to an improper authorization vulnerability. The flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java. Successful exploitation could attackers with overall/runscripts permission to craft remember me cookies that would never expire.

Platform:
Linux
Product:
Jenkins LTS
Jenkins rolling release
Reference:
CVE-2019-1003003
CVE    1
CVE-2019-1003003
CPE    3
cpe:/a:jenkins:jenkins:2.158::~~-~~~
cpe:/a:jenkins:jenkins:::~~lts~~~
cpe:/a:jenkins:jenkins:::~~-~~~

© SecPod Technologies