Jenkins: >> S3 Publisher >> 0.11.5 Security Vulnerabilities
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-05-11
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-11