Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.
{
"cpe": "cpe:2.3:a:jenkins:folder-based_authorization_strategy:*:*:*:*:*:jenkins:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "217.vd5b_18537403e"
}
],
"source": "CPE_RANGE"
}