Description
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
A flaw was found in the Jenkins Matrix Authorization Strategy Plugin. The plugin does not correctly perform permission checks; as a consequence, attackers with Item/Read permission on nested items can access them, even if they lack Item/Read permission for parent folders. The highest threat from this vulnerability is to data confidentiality.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 4.8 | jenkins | Fixed | RHSA-2021:2437 | 27.07.2021 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items