Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using another user's API token.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2019-10089 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-server
CVE-2023-41886 Vulnerability in maven package org.openrefine:database
CVE-2017-3159 Vulnerability in maven package org.apache.camel:camel-snakeyaml