Description
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Remediation
References
Related Vulnerabilities
WordPress Plugin AI ChatBot Directory Traversal (4.9.2)
PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)
Squid Improper Input Validation Vulnerability (CVE-2016-2570)
WordPress Plugin CallRail Phone Call Tracking Cross-Site Request Forgery (0.4.9)
WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.2.6)