Description
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 1.532.1 (inclusive)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Configuration 2: versions up to 1.550 (inclusive)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
EPSS
Percentile: 40%
0.00186
Low
6.5 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
ubuntu
more than 11 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
redhat
about 12 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
debian
more than 11 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...
github
more than 3 years ago
Jenkins does not invalidate the API token when a user is deleted