Maven package

org.jenkins-ci.plugins/matrix-auth

pkg:maven/org.jenkins-ci.plugins/matrix-auth

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-42521	Med	6.5	>= 2.0-beta-1, < 3.2.10	3.2.10	Apr 29, 2026	Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers
CVE-2021-21623		—	< 2.6.6	2.6.6	Mar 18, 2021	An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVE-2020-2226		—	< 2.6.2	2.6.2	Jul 15, 2020	Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.

CVE-2026-42521MedApr 29, 2026
affected >= 2.0-beta-1, < 3.2.10fixed 3.2.10
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers
CVE-2021-21623Mar 18, 2021
affected < 2.6.6fixed 2.6.6
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVE-2020-2226Jul 15, 2020
affected < 2.6.2fixed 2.6.2
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.