Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Remediation

References

CVE-2015-5323

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3221)

Magento CVE-2019-8110 Vulnerability (CVE-2019-8110)

Python Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-1000802)

Joomla! Core 3.7.0 SQL Injection (3.7.0)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)

Severity

Medium

Classification

CVE-2015-5323 CWE-264

Tags

Missing Update Known Vulnerabilities