PT-2014-4462 · Cloudbees+1 · Jenkins
Publicado
2014-10-17
·
Atualizado
2022-05-17
·
CVE-2014-2062
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jenkins versions prior to 1.551
Jenkins LTS versions prior to 1.532.2
Description
The issue allows remote authenticated users to retain access via an API token even after a user is deleted, because the API token is not invalidated when a user is deleted.
Recommendations
For Jenkins versions prior to 1.551, update to version 1.551 or later to invalidate the API token when a user is deleted.
For Jenkins LTS versions prior to 1.532.2, update to version 1.532.2 or later to invalidate the API token when a user is deleted.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins