Permissions Management Flaw in Jenkins SSH2 Easy Plugin by Jenkins
CVE-2023-41939

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Ssh2 Easy Plugin
Vendor: CVE Published:; 6 September 2023

Summary

The Jenkins SSH2 Easy Plugin prior to version 1.5 exhibits a permissions management flaw. It fails to adequately verify whether permissions assigned to users are still valid. This oversight may grant users, who were previously assigned specific permissions (like Overall/Manage), access to functionalities they should no longer be entitled to. This vulnerability impacts the integrity of access controls and can lead to unauthorized actions within the Jenkins environment.

Affected Version(s)

Jenkins SSH2 Easy Plugin 0 <= 1.4

References

https://www.jenkins.io/security/advisory/2023-09-06/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/09/06/9

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Sep 5, 2023