CVE-2023-28668

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28668
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28668.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28668
Aliases
Published
2023-04-02T21:15:08Z
Modified
2024-09-03T04:27:37.623886Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.

References

Affected packages

Git / github.com/jenkinsci/role-strategy-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/role-strategy-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2872c41fae5151b4a032d90cb4bbb380cc5156cb

Affected versions

483.*

483.v17281966f5c3

484.*

484.v8a_a_e4b_d785fd

488.*

488.v0634ce149b_8c

501.*

501.v88fe53d65c80

506.*

506.v13f908ee1fc9

508.*

508.v2a_f05b_05e9d8

510.*

510.v909834359ec2

521.*

521.vcf7a_3a_8dde42

526.*

526.v859673312a_14

530.*

530.ved5445d4875a_

546.*

546.ve16648865996

548.*

548.vb_60076577ec7

552.*

552.v14cb_85499b_89

555.*

555.v8d194cc85b_30

561.*

561.v9846c7351a_41

562.*

562.v44e9a_e828d0e

569.*

569.v7476f8e4fe29

575.*

575.v4d286a_03e6d7

584.*

584.vf8e515397ecd

587.*

587.v2872c41fa_e51

role-strategy-1.*

role-strategy-1.1.3

role-strategy-2.*

role-strategy-2.1.0
role-strategy-2.10
role-strategy-2.11
role-strategy-2.12
role-strategy-2.13
role-strategy-2.14
role-strategy-2.15
role-strategy-2.16
role-strategy-2.2.0
role-strategy-2.3.0
role-strategy-2.3.1
role-strategy-2.3.2
role-strategy-2.4.0
role-strategy-2.5.0
role-strategy-2.5.1
role-strategy-2.6.0
role-strategy-2.6.1
role-strategy-2.7.0
role-strategy-2.8.0
role-strategy-2.8.1
role-strategy-2.8.2
role-strategy-2.9.0

role-strategy-3.*

role-strategy-3.0
role-strategy-3.1
role-strategy-3.1.1
role-strategy-3.2.0