Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Credova_Financial Information Disclosure (1.4.8)
WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2079)
WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5)
WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Scripting (1.3.5)