Description
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Remediation
References
Related Vulnerabilities
JBoss EAP Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)
Oracle Database Server CVE-2012-0526 Vulnerability (CVE-2012-0526)
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)
WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)
WordPress Plugin MainWP Dashboard Unspecified Vulnerability (2.0.22)