Description
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wu-Rating Cross-Site Scripting (1.0 12319)
WordPress Plugin Custom Login Page Customizer-LoginPress Unspecified Vulnerability (1.1.15)
e107 Other Vulnerability (CVE-2006-3259)
Oracle Database Server CVE-2015-0371 Vulnerability (CVE-2015-0371)
WordPress Plugin GraceMedia Media Player Local File Inclusion (1.0)