CVE-2019-1003003

Summary

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.158 and earlier, LTS 2.150.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References