Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Icon Widget Cross-Site Scripting (1.2.6)
WordPress Plugin YouTube Embed Cross-Site Scripting (5.0.1)
Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2019-12855)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5739)
ProjectSend Improper Privilege Management Vulnerability (CVE-2020-28874)