Описание
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| saucy | ignored | end of life |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needed |
Показывать по
10
6.5 Medium
CVSS2
Связанные уязвимости
redhat
около 12 лет назад
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
nvd
больше 11 лет назад
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
debian
больше 11 лет назад
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...
github
больше 3 лет назад
Jenkins does not invalidate the API token when a user is deleted
6.5 Medium
CVSS2