GHSA-vxc6-wvh8-fpxw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vxc6-wvh8-fpxw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vxc6-wvh8-fpxw/GHSA-vxc6-wvh8-fpxw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vxc6-wvh8-fpxw
- Aliases
-
- CVE-2014-2062
- Published
- 2022-05-17T03:53:54Z
- Modified
- 2024-12-03T06:09:00.447149Z
- Summary
- Jenkins does not invalidate the API token when a user is deleted
- Details
-
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
- Database specific
{ "nvd_published_at": "2014-10-17T15:55:00Z", "cwe_ids": [ "CWE-287" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-05T14:37:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-2062
- https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
- https://github.com/jenkinsci/jenkins
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
- http://www.openwall.com/lists/oss-security/2014/02/21/2
Affected packages
Maven / org.jenkins-ci.main:jenkins-core
Package
- Name
- org.jenkins-ci.main:jenkins-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/jenkins-core
Maven / org.jenkins-ci.main:jenkins-core
Package
- Name
- org.jenkins-ci.main:jenkins-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/jenkins-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.532.2
Affected versions
1.*
1.396
1.397
1.398
1.399
1.400
1.401
1.403
1.404
1.405
1.406
1.407
1.408
1.409
1.409.1
1.409.2
1.409.3
1.410
1.411
1.412
1.413
1.414
1.415
1.416
1.417
1.418
1.419
1.420
1.421
1.422
1.423
1.424
1.424.1
1.424.2
1.424.3
1.424.4
1.424.5
1.424.6
1.425
1.426
1.427
1.428
1.429
1.430
1.431
1.432
1.433
1.434
1.435
1.436
1.437
1.438
1.439
1.440
1.441
1.442
1.443
1.444
1.445
1.446
1.447
1.447.1
1.447.2
1.448
1.449
1.450
1.451
1.452
1.453
1.454
1.455
1.456
1.457
1.458
1.459
1.460
1.461
1.462
1.463
1.464
1.465
1.466
1.466.1
1.466.2
1.467
1.468
1.469
1.470
1.471
1.472
1.473
1.474
1.475
1.476
1.477
1.478
1.479
1.480
1.480.1
1.480.2
1.480.3
1.481
1.482
1.483
1.484
1.485
1.486
1.487
1.488
1.489
1.490
1.491
1.492
1.493
1.494
1.495
1.496
1.497
1.498
1.499
1.500
1.501
1.502
1.503
1.504
1.505
1.506
1.507
1.508
1.509
1.509.1
1.509.2
1.509.2.JENKINS-8856-diag
1.509.2.JENKINS-14362-jzlib
1.509.3
1.509.3.JENKINS-14362-jzlib
1.509.4
1.510
1.511
1.512
1.513
1.514
1.515
1.516
1.516.JENKINS-14362-jzlib
1.517
1.518
1.518.JENKINS-14362-jzlib
1.519
1.520
1.521
1.522
1.523
1.524
1.525
1.526
1.527
1.528
1.529
1.530
1.531
1.532
1.532.1
1.532.1.JENKINS-19453