CVE-2015-5323 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Related Vulnerabilities

CVE-2022-28889 Vulnerability in maven package org.apache.druid:druid

CVE-2017-1000006 Vulnerability in maven package org.webjars.bowergithub.plotly:plotly.js

CVE-2019-16571 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins

CVE-2018-1000150 Vulnerability in maven package org.jenkins-ci.plugins:reverse-proxy-auth-plugin

CVE-2017-2601 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-264