Description
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
Remediation
References