An improper authorization vulnerability exists in Jenkins 2.158 and earlier, and LTS 2.150.1 and earlier, in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows malicious users to extend the duration of active HTTP sessions indefinitely, even though the user account may have been deleted in the meantime.
Vulnerable Product |
---|
jenkins jenkins |
redhat openshift container platform 3.11 |