CVE-2019-1003049 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-1003049 PUBLISHED CVSS 8.100000381469727 HIGH

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

EPSS 0.47% · 64.6th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.47%

64.6th percentile

Affected Products

Vendor	Product	Versions
jenkins	jenkins	0, 0
redhat	openshift_container_platform	3.11
Maven	org.jenkins-ci.main:jenkins-core	2.165, 0
Jenkins project	Jenkins	2.171 and earlier, LTS 2.164.1 and earlier
oracle	communications_cloud_native_core_automated_test_suite	1.9.0

Timeline

Apr 10, 2019 CVE Published
Apr 15, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

107901 vdb
RHBA-2019:1605 vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2022.html url
https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289 url
https://nvd.nist.gov/vuln/detail/CVE-2019-1003049 advisory
https://github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6 url
https://github.com/jenkinsci/jenkins package

Open in Interactive Console →