#VU73917 Permissions, Privileges, and Access Controls in Role-based Authorization Strategy


Published: 2023-03-22

Vulnerability identifier: #VU73917

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28668

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Role-based Authorization Strategy
Web applications / Modules and components for CMS

Vendor: Jenkins

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect permission checks. A remote user can gain greater access than they’re entitled to.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Role-based Authorization Strategy: 587.v2872c41fa_e51

External links
http://jenkins.io/security/advisory/2023-03-21/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Privilege escalation in Jenkins Role-based Authorization Strategy plugin