CWE
281
Advisory Published
Advisory Published
Updated

CVE-2023-28668

First published: Thu Mar 23 2023(Updated: )

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected SoftwareAffected VersionHow to fix
Jenkins Role-based Authorization Strategy<=587.v2872c41fa_e51
maven/org.jenkins-ci.plugins:role-strategy<587.588.v850a
587.588.v850a_20a_30162
<=587.v2872c41fa_e51

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668?

    Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 is a vulnerability that allows permissions to be granted even after they've been disabled.

  • What is the severity of Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668?

    Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 has a severity rating of 9.8 (Critical).

  • How does Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 impact users?

    Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 allows unauthorized users to still have permissions even if they've been disabled.

  • How can I fix Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668?

    To fix Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668, update to version 587.v2872c41fa_e52 or later.

  • Where can I find more information about Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668?

    You can find more information about Jenkins Role-based Authorization Strategy Plugin CVE-2023-28668 on the Jenkins website: [link](https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-3053)

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203