Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using the API token of another user.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
https://access.redhat.com/errata/RHSA-2016:0070
http://rhn.redhat.com/errata/RHSA-2016-0489.html