CVE-2021-21624

Incorrect Authorization in maven/org.jenkins-ci.plugins/role-strategy

Identifier

CVE-2021-21624

Package Slug

maven/org.jenkins-ci.plugins/role-strategy

Vulnerability

Incorrect Authorization

Description

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.

Affected Versions

All versions up to 3.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-03-25

source