{"id":"CVE-2020-2286","details":"Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.","aliases":["GHSA-25g4-p347-x748"],"modified":"2026-03-15T22:34:53.520500Z","published":"2020-10-08T13:15:11.313Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/10/08/5"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1767"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/role-strategy-plugin","events":[{"introduced":"0"},{"last_affected":"44472bab6e08e7f03e7f140f7e730c09cbcb0623"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0"}]}}],"versions":["role-strategy-1.1.3","role-strategy-2.1.0","role-strategy-2.10","role-strategy-2.11","role-strategy-2.12","role-strategy-2.13","role-strategy-2.14","role-strategy-2.15","role-strategy-2.16","role-strategy-2.2.0","role-strategy-2.3.0","role-strategy-2.3.1","role-strategy-2.3.2","role-strategy-2.4.0","role-strategy-2.5.0","role-strategy-2.5.1","role-strategy-2.6.0","role-strategy-2.6.1","role-strategy-2.7.0","role-strategy-2.8.0","role-strategy-2.8.1","role-strategy-2.8.2","role-strategy-2.9.0","role-strategy-3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2286.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}