CVE-2023-41945
📋 TL;DR
The Jenkins Assembla Auth Plugin vulnerability allows users with EDIT permissions to gain Overall/Manage and Overall/SystemRead permissions even when those permissions are disabled. This affects Jenkins instances using Assembla Auth Plugin 1.14 or earlier, potentially enabling unauthorized administrative access.
💻 Affected Systems
- Jenkins Assembla Auth Plugin
⚠️ Risk & Real-World Impact
Worst Case
Attackers with EDIT permissions gain full administrative control over Jenkins, allowing them to execute arbitrary code, steal credentials, modify configurations, and compromise the entire CI/CD pipeline.
Likely Case
Users with EDIT permissions unintentionally or maliciously gain elevated privileges, leading to unauthorized configuration changes, job modifications, and access to sensitive system information.
If Mitigated
With proper access controls and monitoring, impact is limited to privilege escalation within the Jenkins environment, with no compromise of external systems.
🎯 Exploit Status
Exploitation requires existing EDIT permissions. The vulnerability is simple to exploit once an attacker has EDIT access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Assembla Auth Plugin 1.15 or later
Vendor Advisory: https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065
Restart Required: Yes
Instructions:
1. Access Jenkins plugin manager.
2. Update Assembla Auth Plugin to version 1.15 or later.
3. Restart Jenkins.
4. Verify plugin version in plugin manager.
🔧 Temporary Workarounds
Disable Assembla Auth Plugin
Temporarily disable the vulnerable plugin until patching is possible
Navigate to Jenkins > Manage Jenkins > Manage Plugins > Installed tab > Find Assembla Auth Plugin > Disable
Restrict EDIT permissions
Temporarily remove EDIT permissions from non-administrative users
Navigate to Jenkins > Manage Jenkins > Configure Global Security > Authorization > Adjust permissions to remove EDIT from non-admin users
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Jenkins from critical systems
- Enable detailed audit logging and monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Jenkins plugin manager for Assembla Auth Plugin version. If version is 1.14 or earlier, the system is vulnerable.
Check Version:
Navigate to Jenkins > Manage Jenkins > Manage Plugins > Installed tab > Find Assembla Auth Plugin
Verify Fix Applied:
Verify Assembla Auth Plugin version is 1.15 or later in plugin manager and test that EDIT permissions no longer grant Overall/Manage or Overall/SystemRead.
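The version check above can be scripted against the JSON that Jenkins' plugin manager serves at /pluginManager/api/json?depth=1. The following is an added example, not part of this advisory or of the plugin project; it assumes the plugin's short name is "assembla-auth" and that each plugin entry carries an `enabled` flag (both should be confirmed against your own plugin manager's Installed tab), and it uses constructed sample JSON so it runs offline. It also distinguishes a vulnerable version that is merely disabled (the workaround) from one that is active, and compares versions numerically so that "1.9" is not mistaken for something newer than "1.14".

```python
"""Check whether a Jenkins instance still runs a vulnerable Assembla Auth Plugin.

Added example (not from the advisory). Feed it the response of
  curl -s -u USER:API_TOKEN "$JENKINS_URL/pluginManager/api/json?depth=1"
The plugin short name and the `enabled` field are assumptions; verify locally.
"""
import json
from typing import Optional, Tuple

PLUGIN_SHORT_NAME = "assembla-auth"   # assumed plugin id; confirm in plugin manager
FIXED_VERSION = "1.15"                # first fixed release per the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.14' / '1.15.1' into a tuple of ints for correct comparison.

    Plain string comparison orders '1.9' after '1.14', so split on dots first.
    A non-numeric suffix such as '-beta' is ignored.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def installed_version(plugin_list_json: str) -> Optional[str]:
    """Return the installed Assembla Auth Plugin version, or None if absent."""
    data = json.loads(plugin_list_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == PLUGIN_SHORT_NAME:
            return plugin.get("version")
    return None


def is_vulnerable(plugin_list_json: str) -> bool:
    """True when the plugin is installed and older than the fixed version."""
    version = installed_version(plugin_list_json)
    if version is None:
        return False  # plugin not installed: CVE-2023-41945 does not apply
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess(plugin_list_json: str) -> str:
    """Classify the instance: not-installed, fixed, present-but-disabled, vulnerable."""
    data = json.loads(plugin_list_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        if parse_version(plugin.get("version", "0")) >= parse_version(FIXED_VERSION):
            return "fixed"
        if not plugin.get("enabled", True):   # workaround applied, still patch
            return "present-but-disabled"
        return "vulnerable"
    return "not-installed"


# Constructed sample responses in the shape the plugin manager API returns.
SAMPLE_VULNERABLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.2.1", "enabled": True},
    {"shortName": "assembla-auth", "version": "1.14", "enabled": True},
]})
SAMPLE_DISABLED = json.dumps({"plugins": [
    {"shortName": "assembla-auth", "version": "1.9", "enabled": False},
]})
SAMPLE_FIXED = json.dumps({"plugins": [
    {"shortName": "assembla-auth", "version": "1.15", "enabled": True},
]})
SAMPLE_NOT_INSTALLED = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.2.1", "enabled": True},
]})

if __name__ == "__main__":
    for label, sample in [("vulnerable", SAMPLE_VULNERABLE), ("disabled", SAMPLE_DISABLED),
                          ("fixed", SAMPLE_FIXED), ("absent", SAMPLE_NOT_INSTALLED)]:
        print(f"{label:>10}: {assess(sample)}")
```

A "present-but-disabled" result means the workaround is in place but the vulnerable jar is still on disk; treat it as a reminder to upgrade to 1.15 rather than as a fixed state.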
📡 Detection & Monitoring
Log Indicators:
- Unexpected permission changes in Jenkins audit logs
- Users with EDIT permissions accessing administrative functions
Network Indicators:
- Unusual administrative API calls from non-admin users
SIEM Query:
source="jenkins" AND (event="permission_granted" OR event="admin_access") AND user_role="EDIT"
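The log indicator "users with EDIT permissions accessing administrative functions" can be turned into a concrete filter. The following is an added example, not part of this advisory; the log line format, the set of administrative URL prefixes and the sample entries are all constructed for the demonstration, so adapt the regular expression to whatever your access log or audit-trail plugin actually emits. Only successful requests (HTTP status below 400) are flagged, because a denied request shows that authorization held rather than that it was bypassed.

```python
"""Flag non-admin users who successfully reached Jenkins administrative URLs.

Added detection example (not from the advisory). Assumes a constructed line
format:  <timestamp> user=<name> path=<url path> status=<http status>
"""
import re
from typing import Dict, Iterable, List, Set

# Hypothetical choice of Jenkins paths that only Overall/Manage, Overall/SystemRead
# or Overall/Administer holders should reach. Extend for your deployment.
ADMIN_PATH_PREFIXES = ("/manage", "/systemInfo", "/script", "/configure", "/pluginManager")

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+path=(?P<path>\S+)\s+status=(?P<status>\d{3})$"
)

# Constructed sample log: bob is an EDIT-level user, admin is a real administrator.
SAMPLE_LOG = """\
2023-09-07T10:12:01Z user=admin path=/manage/ status=200
2023-09-07T10:12:05Z user=bob path=/job/build-app/configure status=200
2023-09-07T10:12:09Z user=bob path=/manage/ status=200
2023-09-07T10:12:13Z user=bob path=/systemInfo status=200
2023-09-07T10:12:20Z user=carol path=/script status=403
garbage line that should be skipped
"""


def parse_line(line: str) -> Dict[str, str]:
    """Return the fields of one log line, or an empty dict if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else {}


def is_admin_path(path: str) -> bool:
    """True for paths under one of the administrative prefixes (not job-level /configure)."""
    return any(path == prefix or path.startswith(prefix + "/") for prefix in ADMIN_PATH_PREFIXES)


def find_escalations(log_lines: Iterable[str], admin_users: Set[str]) -> List[Dict[str, str]]:
    """Return events where a non-admin user successfully hit an admin URL."""
    hits = []
    for line in log_lines:
        fields = parse_line(line)
        if not fields:
            continue  # unparsable line: skip rather than crash the scan
        if fields["user"] in admin_users:
            continue
        if not is_admin_path(fields["path"]):
            continue
        if int(fields["status"]) >= 400:
            continue  # request was denied, authorization worked
        hits.append({"ts": fields["ts"], "user": fields["user"], "path": fields["path"]})
    return hits


if __name__ == "__main__":
    for event in find_escalations(SAMPLE_LOG.splitlines(), admin_users={"admin"}):
        print(f"{event['ts']} {event['user']} reached {event['path']}")
```

Note that job-level paths such as /job/<name>/configure are legitimately reachable by users with EDIT-level rights, so the prefix match is anchored to the root-level administrative URLs; a bare substring match on "configure" would drown the signal in normal activity.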