Permissions Management Flaw in Jenkins SSH2 Easy Plugin by Jenkins
CVE-2023-41939

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Ssh2 Easy Plugin
Vendor: CVE Published:; 6 September 2023

What is CVE-2023-41939?

The Jenkins SSH2 Easy Plugin prior to version 1.5 exhibits a permissions management flaw. It fails to adequately verify whether permissions assigned to users are still valid. This oversight may grant users, who were previously assigned specific permissions (like Overall/Manage), access to functionalities they should no longer be entitled to. This vulnerability impacts the integrity of access controls and can lead to unauthorized actions within the Jenkins environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins SSH2 Easy Plugin 0 <= 1.4

References

https://www.jenkins.io/security/advisory/2023-09-06/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/09/06/9

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Sep 5, 2023

JSON

Jenkins

What is CVE-2023-41939?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.