vulnerability
Red Hat OpenShift: CVE-2019-1003049: jenkins: Jenkins accepted cached legacy CLI authentication
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Apr 10, 2019 | Jul 4, 2019 | Apr 11, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Apr 10, 2019
Added
Jul 4, 2019
Modified
Apr 11, 2025
Description
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
Solution(s)
linuxrpm-upgrade-atomic-enterprise-service-cataloglinuxrpm-upgrade-atomic-openshift-cluster-autoscalerlinuxrpm-upgrade-atomic-openshift-deschedulerlinuxrpm-upgrade-atomic-openshift-dockerregistrylinuxrpm-upgrade-atomic-openshift-metrics-serverlinuxrpm-upgrade-atomic-openshift-node-problem-detectorlinuxrpm-upgrade-atomic-openshift-service-idlerlinuxrpm-upgrade-atomic-openshift-web-consolelinuxrpm-upgrade-cri-olinuxrpm-upgrade-golang-github-openshift-oauth-proxylinuxrpm-upgrade-golang-github-prometheus-alertmanagerlinuxrpm-upgrade-golang-github-prometheus-node_exporterlinuxrpm-upgrade-golang-github-prometheus-prometheuslinuxrpm-upgrade-jenkinslinuxrpm-upgrade-jenkins-2-pluginslinuxrpm-upgrade-openshift-ansiblelinuxrpm-upgrade-openshift-enterprise-autoheallinuxrpm-upgrade-openshift-enterprise-cluster-capacity
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.