Authorization Flaw in Jenkins Role-based Authorization Strategy Plugin
CVE-2023-28668
9.8 CRITICAL
Key Information:
- Vendor: Jenkins
- CVE Published: 2 April 2023
What is CVE-2023-28668?
The Role-based Authorization Strategy Plugin for Jenkins contains a significant vulnerability in which permissions remain active even after they have been explicitly disabled. This flaw could lead to unauthorized access to restricted areas of a Jenkins instance, posing serious security risks. Users and administrators are advised to review their configurations and apply the updates recommended in the latest security advisory.
Affected Version(s)
Jenkins Role-based Authorization Strategy Plugin: versions 0 through 587.v2872c41fa_e51 (inclusive)