Vulnerabilities
Vulnerable Software
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-04-02
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVSS Score: 4.3; EPSS Score: 0.0; Published: 2021-03-18
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2020-10-08
Role-based Authorization Strategy Plugin did not require requests to its API to be sent via POST, leaving it open to Cross-Site Request Forgery attacks. This allowed attackers to add the administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2017-10-05

