Описание
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1 (включая)
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.625.1 (включая)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Конфигурация 4Версия до 1.637 (включая)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00201
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
около 10 лет назад
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
redhat
около 10 лет назад
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
debian
около 10 лет назад
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict a ...
EPSS
Процентиль: 42%
0.00201
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264