Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Remediation
References
Related Vulnerabilities
Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)
WordPress Plugin Users to CSV Cross-Site Request Forgery (1.4.5)
WordPress Plugin Strong Testimonials Multiple Cross-Site Scripting Vulnerabilities (2.31.4)