CVE-2021-21651

Summary

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins S3 publisher Pluginunspecified <= 0.11.6affected
Jenkins projectJenkins S3 publisher Plugin0.11.5.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References