CVE-2019-1003003: Insufficient Session Expiration
An improper authorization vulnerability exists in Jenkins in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing them to persist access to temporarily compromised user accounts.