Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault
CVE-2016-3088 Vulnerability in maven package org.apache.activemq:activemq-fileserver
CVE-2017-4972 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common
CVE-2020-11022 Vulnerability in maven package org.webjars:jquery
CVE-2023-24445 Vulnerability in maven package org.jenkins-ci.plugins:openid