CVE-2023-41945

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Auth Plugin versions 1.14 and earlier

Description The issue results in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. This occurs because the plugin does not verify that the permissions it grants are enabled.

Recommendations For Jenkins Assembla Auth Plugin versions 1.14 and earlier, update to a version that includes the fix for this issue to prevent users with EDIT permissions from being granted unnecessary permissions.