CVE-2019-1003049 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Access restriction bypass |
| Description | A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based CLI authentication caches. This means that users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-948 | jenkins | 2.171-1 | 2.172-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 11 Apr 2019 | ASA-201904-7 | AVG-948 | jenkins | Medium | multiple issues |
| References |
|---|
https://jenkins.io/security/advisory/2019-04-10/ |