VYPR
Medium severity4.3NVD Advisory· Published May 11, 2021· Updated Jun 17, 2026

CVE-2021-21651

CVE-2021-21651

Description

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:s3Maven
>= 0.11.6, < 0.11.70.11.7
org.jenkins-ci.plugins:s3Maven
< 0.11.5.10.11.5.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1