#VU51595 Permissions, Privileges, and Access Controls in Matrix Authorization Strategy - CVE-2021-21623
Published: March 22, 2021
Vulnerability identifier: #VU51595
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-21623
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Matrix Authorization Strategy
Matrix Authorization Strategy
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the affected plugin does not correctly perform permission checks to determine whether an item should be accessible. A remote authenticated attacker can gain access to sensitive information.
Remediation
Install updates from vendor's website.