CVE Vulnerabilities

CVE-2023-28668

Improper Preservation of Permissions

Published: Apr 02, 2023 | Modified: Apr 07, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after theyve been disabled.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name Vendor Start Version End Version
Role-based_authorization_strategy Jenkins * 587.v2872c41fa_e51

References