Описание
Improper Authorization in Jenkins Core
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
Пакеты
org.jenkins-ci.main:jenkins-core
< 2.159
2.159
Связанные уязвимости
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
An improper authorization vulnerability exists in Jenkins 2.158 and ea ...
Уязвимость сервера автоматизации Jenkins, позволяющая нарушителю повторно использовать регистрационные данные или идентификаторы сеанса для авторизации