CVE-2015-5323 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.625.2 || >=1.626 <1.638
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00198 (percentile 0.42)
Details
Jenkins allows Administrators to Access API Tokens
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Metadata
Created: 2022-05-13T01:30:06Z
Modified: 2025-03-13T17:52:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x4m5-j4x4-4wjg/GHSA-x4m5-j4x4-4wjg.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-x4m5-j4x4-4wjg
Finding: F035
Auto approve: 1