vulnerability

Red Hat OpenShift: CVE-2019-1003049: jenkins: Jenkins accepted cached legacy CLI authentication

Name: Red Hat OpenShift: CVE-2019-1003049: jenkins: Jenkins accepted cached legacy CLI authentication
Creator: Red Hat
Published: 2019-04-10T00:00:00.000Z

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Apr 10, 2019

Added

Jul 4, 2019

Modified

Mar 30, 2026

Description

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

Solutions

linuxrpm-upgrade-atomic-enterprise-service-cataloglinuxrpm-upgrade-atomic-openshift-cluster-autoscalerlinuxrpm-upgrade-atomic-openshift-deschedulerlinuxrpm-upgrade-atomic-openshift-dockerregistrylinuxrpm-upgrade-atomic-openshift-metrics-serverlinuxrpm-upgrade-atomic-openshift-node-problem-detectorlinuxrpm-upgrade-atomic-openshift-service-idlerlinuxrpm-upgrade-atomic-openshift-web-consolelinuxrpm-upgrade-cri-olinuxrpm-upgrade-golang-github-openshift-oauth-proxylinuxrpm-upgrade-golang-github-prometheus-alertmanagerlinuxrpm-upgrade-golang-github-prometheus-node_exporterlinuxrpm-upgrade-golang-github-prometheus-prometheuslinuxrpm-upgrade-jenkinslinuxrpm-upgrade-jenkins-2-pluginslinuxrpm-upgrade-openshift-ansiblelinuxrpm-upgrade-openshift-enterprise-autoheallinuxrpm-upgrade-openshift-enterprise-cluster-capacity

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report