CVE-2023-28668
- EPSS 0.1%
- Published 02.04.2023 21:15:08
- Last modified 25.02.2025 20:15:32
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
CVE-2021-21624
- EPSS 0.03%
- Published 18.03.2021 14:15:13
- Last modified 21.11.2024 05:48:43
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVE-2020-2286
- EPSS 0.1%
- Published 08.10.2020 13:15:11
- Last modified 21.11.2024 05:25:12
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
CVE-2017-1000090
- EPSS 0.06%
- Published 05.10.2017 01:29:03
- Last modified 20.04.2025 01:37:25
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add the administrator role to any user, or to remove the authorizatio...