CVE-2019-1003004

描述

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.

受影響套件(1)

• Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.159

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003004
• WEBhttps://access.redhat.com/errata/RHBA-2019:0327
• WEBhttps://jenkins.io/security/advisory/2019-01-16/#SECURITY-901
• WEBhttp://www.securityfocus.com/bid/106680