CVE-2015-5323

EPSS 0.17%

Jenkins allows Administrators to Access API Tokens

Published: 5/13/2022Modified: 3/13/2025

Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.

Affected packages (1)

Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 1.625.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5323
PATCHhttps://github.com/jenkinsci/jenkins
WEBhttp://rhn.redhat.com/errata/RHSA-2016-0489.html
WEBhttps://access.redhat.com/errata/RHSA-2016:0070
WEBhttps://github.com/jenkinsci/jenkins/commit/b3f16489ad5f15c3e749ed066cf6b4251f6668c6
WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11