Skip to main content

Role Based Authorization Strategy

4 CVEs product

Monthly

CVE-2023-28668 Maven CRITICAL PATCH Act Now

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-21624 Maven MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-2286 Maven HIGH PATCH This Week

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-1000090 Maven HIGH PATCH This Week

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Role Based Authorization Strategy
NVD
CVSS 3.0
8.8
EPSS
0.1%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Role Based Authorization Strategy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy