Home > Vulnerability Database > CVE-2023-41939

Mend.io Vulnerability Database

CVE-2023-41939

Good to know:

Date: September 6, 2023

Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.

Language: Java

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41939

Url: http://www.openwall.com/lists/oss-security/2023/09/06/9

Url: https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3064

Url: https://www.mend.io/vulnerability-database/CVE-2023-41939

Severity Score

8.8

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:ssh2easy:1.6

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41939

Good to know:

Date: September 6, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?