GHSA-vxc6-wvh8-fpxw

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

Описание

Jenkins does not invalidate the API token when a user is deleted

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

>= 1.533, < 1.551

1.551

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

< 1.532.2

1.532.2

EPSS

Процентиль: 40%

0.00186

Низкий

CVE ID

CVE-2014-2062

Дефекты

CWE-287

Связанные уязвимости

CVE-2014-2062

ubuntu

больше 11 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

CVE-2014-2062

redhat

около 12 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

CVE-2014-2062

nvd

больше 11 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

CVE-2014-2062

debian

больше 11 лет назад

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...

EPSS

Процентиль: 40%

0.00186

Низкий

CVE ID

CVE-2014-2062

Дефекты

CWE-287