Description
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
Remediation
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9854)
Drupal Other Vulnerability (CVE-2002-1806)
Drupal Cryptographic Issues Vulnerability (CVE-2013-6386)
PostgreSQL Out-of-bounds Read Vulnerability (CVE-2019-10209)
WordPress Plugin Virtual Robots.txt Cross-Site Scripting (1.9)