Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Remediation

References

CVE-2015-5323

Related Vulnerabilities

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4317)

Internet Information Services Other Vulnerability (CVE-2001-0545)

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17565)

WordPress Plugin Downloads Manager Arbitrary File Upload (1.0)

Severity

Medium

Classification

CVE-2015-5323 CWE-264

Tags

Missing Update Known Vulnerabilities