ASA-2019-00007 – Jenkins: Administrators could persist access to Jenkins using crafted ‘Remember me’ cookie

Users with the Overall/RunScripts permission (typically administrators) were able to use the Jenkins script console to craft a 'Remember me' cookie that would never expire. This allowed attackers access to a Jenkins instance while the corresponding user in the configured security realm exists, for example to persist access after another successful attack.