3 matches found
CVE-2021-21624
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (>=1.0.0 <=1.0.1) potentially affected by CVE-2021-21624 via org.jenkins-ci.plugins:role-strategy (=2.1.0)
org.jenkins-ci.plugins:role-strategy MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:role-strategy and may be impacted: - com.moded.extendedchoiceparameter:dynamicextendedchoiceparameter =1.0.0, =1.0.1 Source...
CVE-2021-21624
CVE-2021-21624 is an in-product permission-check flaw in Jenkins Role-based Authorization Strategy Plugin (3.1 and earlier). The issue lets users who have Item/Read on nested items access those items even if they lack Item/Read for parent folders. Public materials (OSV, GHSA, NVD) corroborate the...