5 matches found
Disabled permissions can be granted by Jenkins Folder-based Authorization Strategy Plugin
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage, to access functionality they're no longer entitle...
GHSA-969G-RQ57-C79H Disabled permissions can be granted by Jenkins Folder-based Authorization Strategy Plugin
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage, to access functionality they're no longer entitle...
CVE-2023-41945
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted...
CVE-2023-28668
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fae51 and earlier grants permissions even after they've been disabled...
PT-2023-21889 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 587.v2872c41fae51 and earlier Description: The issue allows attackers to have greater access than they are entitled to after a permission is granted and then disabled. This occurs...