CVE-2023-41945

Severity
8.8 HIGH
EPSS
0.1%
top 81.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 6
Latest update: Oct 15

Description

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, so users with EDIT permission are granted the Overall/Manage and Overall/SystemRead permissions even when those permissions are disabled and should not be granted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

🔴 Vulnerability Details (3)

GHSA
Disabled permissions granted by Jenkins Assembla Auth Plugin (2023-09-06)
OSV
Disabled permissions granted by Jenkins Assembla Auth Plugin (2023-09-06)
CVEList
CVE-2023-41945: Jenkins Assembla Auth Plugin 1 (2023-09-06)

📋 Vendor Advisories (2)

Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (HTTPX) — CVE-2021-41945 (2023-10-15)
Jenkins
Jenkins Security Advisory 2023-09-06 (2023-09-06)
CVE-2023-41945 (HIGH CVSS 8.8) | Jenkins Assembla Auth Plugin 1.14 a | cvebase.io