GHSA-qf42-f5vf-6w99

GitHub Security Advisory

Disabled permissions granted by Jenkins Assembla Auth Plugin

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled. As a result, users with EDIT permissions are granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

Affected Packages

Maven org.jenkins-ci.plugins:assembla-auth
Affected versions: 0 (last affected: 1.14)

Key Information

GHSA ID: GHSA-qf42-f5vf-6w99
Published: September 6, 2023 3:30 PM
Last Modified: January 30, 2024 11:01 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:assembla-auth
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.