VYPR

Matrix Authorization Strategy

by Jenkins Project

Source repositories

CVEs (3)

  • CVE-2026-42521MedApr 29, 2026
    risk 0.42cvss 6.5epss 0.00

    Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers…

  • CVE-2021-21623Mar 18, 2021
    risk 0.00cvss epss 0.01

    An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.

  • CVE-2020-2226Jul 15, 2020
    risk 0.00cvss epss 0.01

    Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.