Jenkins Role-based_authorization_strategy
4 CVEs affecting Jenkins Role-based_authorization_strategy. Latest disclosed: 2023-04-02. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-28668 | Critical | 9.8 | 2023-04-02 | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. |
CVE-2020-2286 | High | 8.8 | 2020-10-08 | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting i… |
CVE-2017-1000090 | High | 8.8 | 2017-10-05 | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks… |
CVE-2021-21624 | Medium | 4.3 | 2021-03-18 | An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to… |