jenkins role-based authorization strategy vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-28668
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and previous versions grants permissions even after they've been disabled.
Jenkins Role-based Authorization Strategy
8.8
CVSSv3
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and previous versions does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
Jenkins Role-based Authorization Strategy
8.8
CVSSv3
CVE-2017-1000090
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed malicious users to add administrator role to any user, or to remove the authorization configuration, prevent...
Jenkins Role-based Authorization Strategy
4.3
CVSSv3
CVE-2021-21641
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and previous versions allows malicious users to promote builds.
Jenkins Promoted Builds
4.3
CVSSv3
CVE-2021-21624
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and previous versions allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
Jenkins Role-based Authorization Strategy