CVE-2025-24401 Information

Description

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled potentially allowing users formerly granted (typically optional permissions like Overall/Manage) to access functionality they’re no longer entitled to.

Reference

https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3062