Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Remediation

References

CVE-2015-5323

Related Vulnerabilities

Jboss EAP CVE-2013-1862 Vulnerability (CVE-2013-1862)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)

WordPress Plugin Easy PayPal Events Unspecified Vulnerability (1.1.6)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1747)

Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)

Severity

Medium

Classification

CVE-2015-5323 CWE-264

Tags

Missing Update Known Vulnerabilities