First published: Thu Mar 23 2023(Updated: )
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Role-based Authorization Strategy | <=587.v2872c41fa_e51 | |
maven/org.jenkins-ci.plugins:role-strategy | <587.588.v850a | 587.588.v850a_20a_30162 |
<=587.v2872c41fa_e51 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 is a vulnerability that allows permissions to be granted even after they've been disabled.
Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 has a severity rating of 9.8 (Critical).
Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 allows unauthorized users to still have permissions even if they've been disabled.
To fix Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668, update to version 587.v2872c41fa_e52 or later.
You can find more information about Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 on the Jenkins website: [link](https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-3053)