Description
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/10/08/5
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1767
Related Vulnerabilities
CVE-2021-28860 Vulnerability in npm package mixme
CVE-2022-41936 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server
CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2020-7662 Vulnerability in npm package websocket-extensions
CVE-2019-10286 Vulnerability in maven package com.openmake:deployhub