org.jenkins-ci.plugins:role-strategy
Maven | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:role-strategy
- CVE-2017-1000090 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.5.1 | 2017-10-05
vulnerable: 1.1.2 ... 2.5.0 (9 versions)
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the a…
- CVE-2020-2286 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.1 | 2020-10-08
vulnerable: 2.12 ... 3.0 (6 versions)
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
- CVE-2021-21624 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 3.1.1 | 2021-03-18
vulnerable: 1.1.2 ... 3.1 (26 versions)
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
- CVE-2023-28668 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 587.588.v850a_20a_30162 | 2023-04-02
vulnerable: 1.1.2 ... 587.v2872c41fa_e51 (48 versions)
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.