[MAVEN:GHSA-25G4-P347-X748] Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. In Role-based Authorization Strategy Plugin 3.0 and earlier, this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being granted long after the configuration was changed to no longer grant them. Role-based Authorization Strategy Plugin 3.1 properly invalidates the cache on configuration changes.

| Package | Affected Version |
|---|---|
| pkg:maven/org.jenkins-ci.plugins/role-strategy | >= 2.12, < 3.1 |
ID: MAVEN:GHSA-25G4-P347-X748
Severity: high
URL: https://github.com/advisories/GHSA-25g4-p347-x748
Published: 2022-05-24T17:30:18
Modified: 2023-10-27T11:34:02
Rights: Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/role-strategy | org.jenkins-ci.plugins | role-strategy | >= 2.12 < 3.1 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/role-strategy | org.jenkins-ci.plugins | role-strategy | = 3.1 | | | |