Cloudbees · Jenkins · CVE-2015-1814
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.606
Jenkins LTS versions prior to 1.596.2
**Description**
The issue allows remote attackers to gain privileges via a forced API token change involving anonymous users. This is related to the API token-issuing service.
**Recommendations**
For Jenkins versions prior to 1.606, update to version 1.606 or later.
For Jenkins LTS versions prior to 1.596.2, update to version 1.596.2 or later.
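To triage a fleet against the ranges above, the following added example (not part of the original advisory) classifies reported Jenkins version strings. It assumes two-component versions such as 1.605 are weekly releases and three-component versions such as 1.596.1 are LTS releases; the inventory hostnames and versions are constructed sample data.

```python
import re

# Fixed releases as stated in the advisory text.
FIXED_WEEKLY = (1, 606)
FIXED_LTS = (1, 596, 2)


def parse_version(text):
    """Return the version as a tuple of ints, or None when the string is not
    a plain numeric release (for example a snapshot or custom build)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(text):
    """Classify one reported version against CVE-2015-1814.

    Assumption: two components means weekly line, three means LTS line."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs manual review, do not assume it is fixed
    fixed = FIXED_WEEKLY if len(version) == 2 else FIXED_LTS
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Group hosts by classification; inventory maps host -> version string."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ci-a.example.internal": "1.605",
    "ci-b.example.internal": "1.606",
    "ci-c.example.internal": "1.596.1",
    "ci-d.example.internal": "1.596.2",
    "ci-e.example.internal": "1.609.1",
    "ci-f.example.internal": "1.606-SNAPSHOT",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Hosts reported as "unknown" run a version string the parser cannot compare and should be checked by hand rather than treated as patched.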