CVE-2014-2062 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

Remediation

References

http://www.openwall.com/lists/oss-security/2014/02/21/2

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3

Related Vulnerabilities

CVE-2023-48240 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2020-13926 Vulnerability in maven package org.apache.kylin:kylin-server

CVE-2011-5062 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-40664 Vulnerability in maven package org.apache.shiro:shiro-core

CVE-2018-11765 Vulnerability in maven package org.apache.hadoop:hadoop-common

Severity

Critical

Classification

CWE-287