Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Remediation

References

CVE-2015-5323

Related Vulnerabilities

Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801)

Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)

WordPress Plugin Social Gallery and Widget Security Bypass (2.2.5)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0783)

MySQL CVE-2017-3452 Vulnerability (CVE-2017-3452)

Severity

Medium

Classification

CVE-2015-5323 CWE-264

Tags

Missing Update Known Vulnerabilities