Home > Vulnerability Database > CVE-2019-1003049

Mend.io Vulnerability Database

CVE-2019-1003049

Good to know:

Date: April 10, 2019

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

Language: C

Severity Score

8.1

Related Resources (8)

Url: https://github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-1003049

Url: https://access.redhat.com/errata/RHBA-2019:1605

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://github.com/jenkinsci/jenkins

Url: http://www.securityfocus.com/bid/107901

Url: https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289

Url: https://www.mend.io/vulnerability-database/CVE-2019-1003049

Severity Score

8.1

Weakness Type (CWE)

Improper Authentication

CWE-287

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.164.2;org.jenkins-ci.main:jenkins-core:2.172

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-1003049

Good to know:

Date: April 10, 2019

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?