The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a forced API token change involving anonymous users.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Jenkins |
Jenkins |
1.596.1 (including) |
1.596.1 (including) |
References