GHSA-qf42-f5vf-6w99, CVE-2023-41945
maven/org.jenkins-ci.plugins/assembla-auth
Missing Authorization
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.
All versions up to 1.14
Unfortunately, there is no solution available yet.
2024-01-31
source |