vulnerability
Jenkins Advisory 2019-01-16:
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jan 21, 2019 | Jan 21, 2019 | Feb 19, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jan 21, 2019
Added
Jan 21, 2019
Modified
Feb 19, 2025
Description
When using an external security realm such as LDAP or Active Directory, deleting a user from the security realm does not result in the user losing access to Jenkins. While deleting the user record from Jenkins did invalidate the 'Remember me' cookie, there was no way to invalidate active sessions besides restarting Jenkins or terminating sessions through other means, such as Monitoring Plugin.
Solutions
jenkins-lts-upgrade-2_150_2jenkins-upgrade-2_160
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.