Description
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
Remediation
References