Lucene search
GitHub Advisory DatabaseGHSA-VXC6-WVH8-FPXWHistoryMay 17, 2022 - 3:53 a.m.
Jenkins does not invalidate the API token when a user is deleted
2022-05-1703:53:54
CWE-287
GitHub Advisory Database
github.com
10
jenkins
api token
user deletion
remote access
software
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.003
Percentile
71.4%
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
Affected configurations
Node
org.jenkins-ci.main\Matchjenkins-core
ORorg.jenkins-ci.main\Matchjenkins-core
Related
nvd
nvd
CVE-2014-2062
2014-10-17 15:55:05
veracode
veracode
Session Fixation
2019-05-02 04:55:59
prion
prion
Design/Logic Flaw
2014-10-17 15:55:00
osv
osv
Jenkins does not invalidate the API token when a user is deleted
2022-05-17 03:53:54
ubuntucve
ubuntucve
CVE-2014-2062
2014-10-17 00:00:00
cvelist
cvelist
CVE-2014-2062
2014-10-17 15:00:00
cve
cve
CVE-2014-2062
2014-10-17 15:55:05
openvas
openvas
Jenkins Multiple Vulnerabilities (Feb 2014) - Linux
2016-08-05 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2014) - Windows
2015-12-21 00:00:00
nessus
nessus
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.003
Percentile
71.4%
Related for GHSA-VXC6-WVH8-FPXW