Jenkins Assembla Auth 1.14 Bypass ACL Permission Checks
CVE-2023-41945 Published on September 6, 2023

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled. As a result, users with EDIT permissions are granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.



Products Associated with CVE-2023-41945


Affected Versions

Jenkins Project Jenkins Assembla Auth Plugin:

Exploit Probability

EPSS: 0.06%
Percentile: 18.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.