CVE-2025-24401

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3062

Configurations

No configuration.

History

23 Jan 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-863
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8
Summary		(es) El complemento Jenkins Folder-based Authorization Strategy 217.vd5b_18537403e y versiones anteriores no verifica que los permisos configurados para otorgarse estén habilitados, lo que potencialmente permite que los usuarios a los que se les otorgaron anteriormente (normalmente permisos opcionales, como General/Administrar) accedan a funciones a las que ya no tienen derecho.

22 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-22 17:15

Updated : 2025-01-23 16:15

NVD link : CVE-2025-24401

Mitre link : CVE-2025-24401

CVE.ORG link : CVE-2025-24401

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

6.8 /10