CVE-2015-5323
EPSS 0.17%
Jenkins allows Administrators to Access API Tokens
Published: 2022/5/13 Modified: 2025/3/13
Description
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core from 0, < 1.625.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5323
- PATCH https://github.com/jenkinsci/jenkins
- WEB http://rhn.redhat.com/errata/RHSA-2016-0489.html
- WEB https://access.redhat.com/errata/RHSA-2016:0070
- WEB https://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
- WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11