CVE-2019-1003049 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
A security issue has been found in Jenkins before 2.172, where the fix for SECURITY-901 in Jenkins 2.150.2 and 2.160 did not reject existing remoting-based CLI authentication caches. This means that users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated.
Group Package Affected Fixed Severity Status Ticket
AVG-948 jenkins 2.171-1 2.172-1 Medium Fixed
Date Advisory Group Package Severity Description
11 Apr 2019 ASA-201904-7 AVG-948 jenkins Medium multiple issues
References
https://jenkins.io/security/advisory/2019-04-10/