Description
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 3.2 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.3 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.4 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.5 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.6 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.7 | jenkins | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins | Fix deferred | | |
| Red Hat OpenShift Enterprise 3.1 | jenkins | Fix deferred | | |
Additional information
Status:
4.6 Medium
CVSS3