Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin
Moderate severity
GitHub Reviewed
Published
Jan 22, 2025
to the GitHub Advisory Database
•
Updated Jan 22, 2025
Description
Published by the National Vulnerability Database
Jan 22, 2025
Published to the GitHub Advisory Database
Jan 22, 2025
Reviewed
Jan 22, 2025
Last updated
Jan 22, 2025
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.
References