CVE-2021-21650
- EPSS 0.05%
- Veröffentlicht 11.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:48:46
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the option...
CVE-2021-21651
- EPSS 0.07%
- Veröffentlicht 11.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:48:46
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
CVE-2020-2114
- EPSS 0.05%
- Veröffentlicht 12.02.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:24:41
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2018-1000177
- EPSS 0.06%
- Veröffentlicht 08.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:51
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names ...