vulnerability

Jenkins Advisory 2019-04-10: CVE-2019-1003049: Jenkins accepted cached legacy CLI authentication

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Apr 10, 2019	Apr 12, 2019	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Apr 10, 2019

Added

Apr 12, 2019

Modified

Aug 11, 2025

Description

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

Solutions

jenkins-lts-upgrade-2_164_2jenkins-upgrade-2_172

References

CVE-2019-100304
https://attackerkb.com/topics/CVE-2019-100304
CWE-613
URL-https://jenkins.io/security/advisory/2019-04-10/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today