VYPR
Medium severity4.3NVD Advisory· Published May 11, 2021· Updated Jun 17, 2026

CVE-2021-21650

CVE-2021-21650

Description

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:s3Maven
>= 0.11.6, < 0.11.70.11.7
org.jenkins-ci.plugins:s3Maven
< 0.11.5.10.11.5.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1