CVE-2019-1003049
PUBLISHED
CVSS 8.1 HIGH
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
EPSS 0.69% · 72.1th percentile
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.69%
72.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jenkins | jenkins | 0, 0 |
| redhat | openshift_container_platform | 3.11 |
| Maven | org.jenkins-ci.main:jenkins-core | 0, 2.165 |
| Jenkins project | Jenkins | 2.171 and earlier, LTS 2.164.1 and earlier |
| oracle | communications_cloud_native_core_automated_test_suite | 1.9.0 |
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- 107901 vdb
- RHBA-2019:1605 vendor-advisory
- https://www.oracle.com/security-alerts/cpuapr2022.html url
- https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003049 advisory
- https://github.com/jenkinsci/jenkins/commit/0eeaa087aac192fb39f52928be5a5bbf16627ea6 url
- https://github.com/jenkinsci/jenkins package