CVE-2023-41939: Improper Preservation of Permissions

September 6, 2023 (updated January 30, 2024)

Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they’re no longer entitled to.

References

www.openwall.com/lists/oss-security/2023/09/06/9
github.com/advisories/GHSA-4gh2-m88h-8cj8
nvd.nist.gov/vuln/detail/CVE-2023-41939
www.jenkins.io/security/advisory/2023-09-06/

Detect and mitigate CVE-2023-41939 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →