CVE-2021-21624
published 2021-03-18
Medium 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_credentials_plugin | — | — |
| jenkins | folders_plugin | — | — |
| jenkins | libvirt_agents_plugin | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | role-based_authorization_strategy | <= 3.1 | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | warnings_plugin | — | — |
| jenkins_project | jenkins_role-based_authorization_strategy_plugin | unspecified – 3.1 | — |