Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-11-25T20:00:00

Updated: 2024-08-06T06:41:09.554Z

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5323

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2015-11-25T20:59:14.730

Modified: 2019-12-17T17:41:03.340

Link: CVE-2015-5323

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-11-11T00:00:00Z

Links: CVE-2015-5323 - Bugzilla