Описание
Improper Authorization in Jenkins Core
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003003
- https://github.com/jenkinsci/jenkins/commit/7b4649657f90e98a5564cf5f0892deaa5fee0454
- https://access.redhat.com/errata/RHBA-2019:0327
- https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868
- https://web.archive.org/web/20200227092104/http://www.securityfocus.com/bid/106680
Пакеты
org.jenkins-ci.main:jenkins-core
< 2.150.2
2.150.2
org.jenkins-ci.main:jenkins-core
>= 2.151, < 2.159
2.159
Связанные уязвимости
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.
An improper authorization vulnerability exists in Jenkins 2.158 and ea ...
Уязвимость компонента TokenBasedRememberMeServices2.java (core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java) сервера автоматизации Jenkins, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации