CVE-2015-1814

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API…

redhat·CWE-264·Published 2015-10-16

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

178 chars

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

NVDen

178 chars

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

OSV.deven

178 chars

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

GHSAen

178 chars

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

NVDes

251 chars

El servicio de emisión de token de API en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos obtener privilegios a través de un "cambio forzado de token de API" involucrando a usuarios anónimos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
4.0	Secondary	GHSA	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N