Permission Bypass
Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...
CVE-2025-24401
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted typically optional permissions, like Overall/Manage, to access functionality they're no longer entitle...
PT-2025-5359 · Jenkins · Jenkins Folder-Based Authorization Strategy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Folder-based Authorization Strategy Plugin versions 217.vd5b18537403e and earlier. Description: The issue potentially allows users who were formerly granted certain permissions to access functionality they are no longer entitled to,...
GHSA-5VJC-QX43-R747 Stored Cross-site Scripting in folder-auth plugin
Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. Folder-based Authorization Strategy Plugin 1....
Stored Cross-site Scripting in folder-auth plugin
Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. Folder-based Authorization Strategy Plugin 1....
Jenkins Folder-based Authorization Strategy Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The plugin fails to escape the role name displayed on the configuration form, which can ...
GHSA-CHR6-386Q-4M3V Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5vjc-qx43-r747. This link is maintained to preserve external references. Original Description: Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the...
CVE-2022-27200
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
PT-2022-18287 · Jenkins · Jenkins Folder-Based Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Folder-based Authorization Strategy Plugin versions 1.3 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the names of roles shown on the configuration form are not...