VDB

CVE-2019-1003049

CVE-2019-1003049 · PUBLISHED · CVSS 8.1 HIGH

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.

EPSS 0.69% · 72.1th percentile

Risk Scores

CVSS 3.1: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.69% (72.1th percentile)

Affected Products

Vendor           Product                                                  Versions
jenkins          jenkins                                                  0, 0
redhat           openshift_container_platform                             3.11
Maven            org.jenkins-ci.main:jenkins-core                         0, 2.165
Jenkins project  Jenkins                                                  2.171 and earlier, LTS 2.164.1 and earlier
oracle           communications_cloud_native_core_automated_test_suite    1.9.0

Timeline

  • CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score