Description

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

Remediation

References

CVE-2015-1814

Related Vulnerabilities

OpenSSL Other Vulnerability (CVE-2005-1797)

Moodle CVE-2019-3852 Vulnerability (CVE-2019-3852)

WordPress Plugin GamiPress-The most flexible and powerful gamification for WordPress Cross-Site Request Forgery (2.5.0)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8444)

Joomla Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-10045)

Severity

High

Classification

CVE-2015-1814 CWE-264

Tags

Missing Update Known Vulnerabilities