Maven package
org.jenkins-ci.plugins/s3
pkg:maven/org.jenkins-ci.plugins/s3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21651 | — | >= 0.11.6, < 0.11.7 | 0.11.7 | May 11, 2021 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | ||
| CVE-2021-21650 | — | >= 0.11.6, < 0.11.7 | 0.11.7 | May 11, 2021 | Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is | ||
| CVE-2020-2114 | — | < 0.11.5 | 0.11.5 | Feb 12, 2020 | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2018-1000177 | — | < 0.11.0 | 0.11.0 | May 8, 2018 | A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that wou |
- CVE-2021-21651May 11, 2021affected >= 0.11.6, < 0.11.7fixed 0.11.7
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
- CVE-2021-21650May 11, 2021affected >= 0.11.6, < 0.11.7fixed 0.11.7
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is
- CVE-2020-2114Feb 12, 2020affected < 0.11.5fixed 0.11.5
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2018-1000177May 8, 2018affected < 0.11.0fixed 0.11.0
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that wou