CVE-2014-2062

Опубликовано: 17 окт. 2014

Источник: debian

Описание

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	fixed	1.565.2-1		package

Примечания

https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3

Связанные уязвимости

CVE-2014-2062

ubuntu

больше 11 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

CVE-2014-2062

redhat

около 12 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

CVE-2014-2062

nvd

больше 11 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

GHSA-vxc6-wvh8-fpxw

github

больше 3 лет назад

Jenkins does not invalidate the API token when a user is deleted