Vulnerability Details CVE-2021-21624
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2021-21624
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:1.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.2
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:1.1.3
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.1.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.10
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.11
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.12
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.13
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.14
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.15
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.16
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.2.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.3.2
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.4.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.5.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.5.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.6.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.6.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.7.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.8.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.8.1
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.8.2
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:2.9.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:3.0
-
cpe:2.3:a:jenkins:role-based_authorization_strategy:3.1