Lucene search
+L

66 matches found

Vulnrichment
Vulnrichment
added 2023/03/23 11:25 a.m.6 views

CVE-2023-28668

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fae51 and earlier grants permissions even after they've been disabled...

9.6AI score0.00828EPSS
Exploits0References1
CVE
CVE
added 2023/03/23 11:25 a.m.255 views

CVE-2023-28668

The CVE-2023-28668 entry concerns Jenkins’ Role-based Authorization Strategy Plugin. Affected: plugin version 587.v2872c41fa_e51 and earlier. Root cause: permissions can be granted and remain effective after being disabled (e.g., via script console or group assignments). Impact: attackers could g...

9.8CVSS9.3AI score0.00828EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2023/03/23 11:25 a.m.41 views

CVE-2023-28668

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fae51 and earlier grants permissions even after they've been disabled...

9.8CVSS9.2AI score0.00828EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.2 views

PT-2023-21889 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 587.v2872c41fa e51 and earlier Description: The issue allows attackers to have greater access than they are entitled to after a permission is granted and then disabled. This occurs...

9.8CVSS6.8AI score0.00828EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/24 5:44 p.m.34 views

Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items

Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Role-based Authorization Strategy Plugin 3.1 and earlier does not correctly perform permission checks t...

4.3CVSS3AI score0.00877EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:44 p.m.51 views

GHSA-RM4M-39FJ-288C Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items

Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Role-based Authorization Strategy Plugin 3.1 and earlier does not correctly perform permission checks t...

4.3CVSS4.7AI score0.00877EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:30 p.m.28 views

Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin

Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being...

8.8CVSS8.1AI score0.01273EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:30 p.m.21 views

GHSA-25G4-P347-X748 Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin

Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being...

8.8CVSS8.5AI score0.01273EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 4:9 a.m.10 views

GHSA-9QHQ-J4XM-CW48 PicketLink does not properly check role based authorization

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.7.1.Final does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...

4CVSS6.1AI score0.01913EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/17 4:9 a.m.14 views

PicketLink does not properly check role based authorization

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.7.1.Final does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...

4CVSS7AI score0.01913EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:29 a.m.27 views

CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access t...

8.8CVSS6.8AI score0.00678EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/17 12:29 a.m.24 views

GHSA-774G-R3FM-4V85 CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access t...

8.8CVSS8.7AI score0.00678EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.7 views

Spinnaker 访问控制错误漏洞

Spinnaker is a continuous delivery platform. Used to release software changes with high speed and confidence. Spinnaker has a security vulnerability that stems from the presence of inappropriate privileges in the software that allow for pipeline creation and execution. This allows an arbitrary us...

10CVSS6.1AI score0.0257EPSS
Exploits0References3
NVD
NVD
added 2021/03/18 2:15 p.m.22 views

CVE-2021-21624

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

4.3CVSS0.00877EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/18 1:35 p.m.31 views

CVE-2021-21624

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

5.2AI score0.00877EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.8 views

Jenkins Role-based Authorization Strategy 权限许可和访问控制问题漏洞

Jenkins Role-based Authorization Strategy is Jenkins open source an application plugin . The plugin is used to add a new role-based mechanism to manage user rights . A privilege impropriety vulnerability exists in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier versions. An...

4.3CVSS5.7AI score0.00877EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/03/18 12:0 a.m.5 views

PT-2021-14667 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.1 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Rea...

4.3CVSS4.3AI score0.00877EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2021/02/01 2:1 p.m.33 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.5CVSS2.2AI score0.04565EPSS
Exploits0References4
NCSC
NCSC
added 2020/12/16 12:0 a.m.31 views

Vulnerability fixed in Cloudforms

RedHat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in Role Based authorizations, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...

8.3CVSS7AI score0.01EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/12/15 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to modify the configuration of a vulnerable device.

The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to access control errors based on role-based authorization RBAC. Exploiting this vulnerability could allow a malicious actor to remotely alter the configuration of the vulnerable device...

7.7CVSS7.2AI score0.00881EPSS
Exploits0References4
Rows per page
Query Builder