CVE-2021-21650

Summary

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins S3 publisher Pluginunspecified <= 0.11.6affected
Jenkins projectJenkins S3 publisher Plugin0.11.5.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References