Description
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | jenkins | Will not fix | | |
| Red Hat OpenShift Enterprise 2.1 | jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | jenkins-plugin-openshift | Fixed | RHBA-2014:1630 | 14.10.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-cartridge-jenkins | Fixed | RHBA-2014:1630 | 14.10.2014 |
Additional information
Status:
Moderate
Defect:
CWE-613
https://bugzilla.redhat.com/show_bug.cgi?id=1067811 jenkins: user tokens not invalidated correctly (SECURITY-89)
EPSS
Percentile: 40%
0.00186
Low
4 Medium
CVSS2
Related vulnerabilities
ubuntu
more than 11 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
nvd
more than 11 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
debian
more than 11 years ago
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...
github
more than 3 years ago
Jenkins does not invalidate the API token when a user is deleted