CVE-2023-41945

Missing Authorization in maven/org.jenkins-ci.plugins/assembla-auth

Identifiers

GHSA-qf42-f5vf-6w99, CVE-2023-41945

Package Slug

maven/org.jenkins-ci.plugins/assembla-auth

Vulnerability

Missing Authorization

Description

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

Affected Versions

All versions up to 1.14

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31

source