Authorization Flaw in Jenkins Role-based Authorization Strategy Plugin
CVE-2023-28668
9.8 CRITICAL
Key Information:
- Vendor: Jenkins
- CVE Published: 2 April 2023
Summary
The Role-based Authorization Strategy Plugin for Jenkins contains a vulnerability in which permissions that have been explicitly disabled continue to be granted. Because the disabled permissions stay in effect, users may retain access to parts of a Jenkins instance that administrators intended to restrict. Users and administrators are advised to review their role configurations and apply the updates recommended in the latest security advisory.
Affected Version(s)
Jenkins Role-based Authorization Strategy Plugin, all versions up to and including 587.v2872c41fa_e51
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published: 2 April 2023
Vulnerability reserved