Jenkins Assembla Auth Plugin 1.14 and previous versions does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins assembla auth |