4 matches found
CVE-2023-41945
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted...
Jenkins Plugin Assembla Auth Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-26210 · Jenkins · Jenkins Assembla Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin versions 1.14 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to trick users into logging in to the attacker's account. This issue arises because the plugin does not...
PT-2019-11682 · Jenkins · Jenkins Assembla Auth Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin (affected versions not specified). Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkins master. This allows users with access ...