CVE-2019-1003004

Summary

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.158 and earlier, LTS 2.150.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References