Authorization Flaw in Jenkins Folder-based Authorization Strategy Plugin by CloudBees
CVE-2025-24401
CVSS score: 6.8 (MEDIUM)
Key Information:
- Vendor: Jenkins
- CVE Published: 22 January 2025
What is CVE-2025-24401?
The Jenkins Folder-based Authorization Strategy Plugin, up to and including version 217.vd5b_18537403e, does not verify that the permissions it grants to users are still valid. As a result, users who were previously granted a permission that is no longer valid, including optional permissions such as Overall/Manage, can keep access to functionality they should no longer be entitled to. This is a meaningful risk because it can lead to unauthorized access to, and potential misuse of, sensitive functionality.
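As an added illustration (not the plugin's code; the permission registry, the `enabled` flag and the user and permission names are modelled here as assumptions), a minimal Python model of the flaw: a stored grant is honoured even after the permission it names is no longer valid, beside a check that re-validates the permission on every lookup, plus a helper an administrator could adapt to list stale grants.

```python
# Added example, not the plugin's code: a toy model of the stale-grant flaw
# described in CVE-2025-24401. Names and the `enabled` flag are assumptions.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Permission:
    name: str
    enabled: bool = True  # optional permissions (e.g. Overall/Manage) can be turned off


@dataclass
class FolderAuthStrategy:
    """Keeps grants as (user, permission name) pairs, like a folder-level ACL."""
    registry: dict[str, Permission]
    grants: set[tuple[str, str]] = field(default_factory=set)

    def grant(self, user: str, perm_name: str) -> None:
        self.grants.add((user, perm_name))

    def has_permission_vulnerable(self, user: str, perm_name: str) -> bool:
        # Flawed: trusts the stored grant without asking whether the permission is still valid.
        return (user, perm_name) in self.grants

    def has_permission_fixed(self, user: str, perm_name: str) -> bool:
        # Hardened: a grant only counts if the permission still exists and is still enabled.
        perm = self.registry.get(perm_name)
        if perm is None or not perm.enabled:
            return False
        return (user, perm_name) in self.grants


def stale_grants(strategy: FolderAuthStrategy) -> list[tuple[str, str]]:
    """Return grants that name a permission that is disabled or no longer defined."""
    return sorted(
        (u, p) for (u, p) in strategy.grants
        if p not in strategy.registry or not strategy.registry[p].enabled
    )


def demo() -> tuple[bool, bool, list[tuple[str, str]]]:
    # Constructed scenario: alice is granted the optional permission while it is enabled,
    # then the permission is turned off; the stored grant is never revisited.
    registry = {"Overall/Manage": Permission("Overall/Manage"), "Overall/Read": Permission("Overall/Read")}
    s = FolderAuthStrategy(registry)
    s.grant("alice", "Overall/Manage")
    registry["Overall/Manage"].enabled = False
    return (s.has_permission_vulnerable("alice", "Overall/Manage"),
            s.has_permission_fixed("alice", "Overall/Manage"),
            stale_grants(s))
```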
Affected Version(s)
Jenkins Folder-based Authorization Strategy Plugin, all versions up to and including 217.vd5b_18537403e