CVE-2023-28668
published 2023-04-02CVE-2023-28668: Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | absint_a_plugin | — | — |
| jenkins | convert_to_pipeline_plugin | — | — |
| jenkins | cppcheck_plugin | — | — |
| jenkins | crap4j_plugin | — | — |
| jenkins | ids_in_octoperf_load_testing_plugin | — | — |
| jenkins | jacoco_plugin | — | — |
| jenkins | mashup_portlets_plugin | — | — |
| jenkins | octoperf_load_testing_plugin | — | — |
| jenkins | performance_publisher_plugin | — | — |
| jenkins | phabricator_differential_plugin | — | — |
| jenkins | pipeline_aggregator_view_plugin | — | — |
| jenkins | role-based_authorization_strategy | <= 587.v2872c41fa_e51 | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | visual_studio_code_metrics_plugin | — | — |
| jenkins_project | jenkins_role-based_authorization_strategy_plugin | <= 587.v2872c41fa_e51 | — |