First published: Wed Mar 25 2015(Updated: )
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Jenkins | <1.606 | 1.606 |
redhat/Jenkins | <1.596.2 | 1.596.2 |
Jenkins Jenkins | =1.596.1 | |
Redhat Openshift | <=3.1 | |
Jenkins Jenkins | <=1.605 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.