admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2019/1003xxx/CVE-2019-1003003.json

1 line
1.0 KiB
JSON
Raw Normal View History

Jenkins CVEs
2019-01-21 12:08:18 -07:00
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-01-16/#SECURITY-868"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.158 and earlier, LTS 2.150.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-21T19:07:26.674486","ID": "CVE-2019-1003003","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-613"}]}]}}
Reference in New Issue Copy Permalink