1940489 – (CVE-2021-21623) CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

Bug 1940489 (CVE-2021-21623) - CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

Summary: CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-21623
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1942351 1942352 1942353 1940556 1940557 1940558 1940560
Blocks:	1940491
TreeView+	depends on / blocked

Reported:	2021-03-18 14:49 UTC by Pedro Sampaio
Modified:	2021-07-28 01:06 UTC (History)
CC List:	10 users (show)
Fixed In Version:	matrix-auth 2.6.6
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Jenkins Matrix Authorization Strategy Plugin. The jenkins plugin does not correctly perform permission checks, as consequences this allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed:	2021-07-28 01:06:58 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:2437	0	None	None	None	2021-07-27 22:07:29 UTC

Description Pedro Sampaio 2021-03-18 14:49:23 UTC

Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to determine whether an item should be accessible. This allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.

References:

https://www.jenkins.io/security/advisory/2021-03-18/

Comment 2 Przemyslaw Roguski 2021-03-18 16:02:25 UTC

External References:

https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2180

Comment 5 errata-xmlrpc 2021-07-27 22:07:31 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2021:2437 https://access.redhat.com/errata/RHSA-2021:2437

Comment 6 Product Security DevOps Team 2021-07-28 01:06:58 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-21623

Note You need to log in before you can comment on or make changes to this bug.