1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-FVFC-8PQR-WJPV

[MAVEN:GHSA-FVFC-8PQR-WJPV] Missing Authorization in Jenkins S3 publisher Plugin

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform Run/Artifacts permission checks in various HTTP endpoints and API models.

This allows attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

Jenkins S3 publisher Plugin 0.11.7 and 0.11.5.1 requires Run/Artifacts permission to obtain information about artifacts if this permission is enabled.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/s3 < 0.11.5.1
pkg:maven/org.jenkins-ci.plugins/s3 = 0.11.6
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/s3 = 0.11.5.1
pkg:maven/org.jenkins-ci.plugins/s3 = 0.11.7
ID
MAVEN:GHSA-FVFC-8PQR-WJPV
Severity
moderate
URL
https://github.com/advisories/GHSA-fvfc-8pqr-wjpv
Published
2021-06-16T17:29:08
(3 years ago)
Modified
2023-12-26T11:52:02
(8 months ago)
Rights
Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/s3 org.jenkins-ci.plugins s3 < 0.11.5.1
Fixed pkg:maven/org.jenkins-ci.plugins/s3 org.jenkins-ci.plugins s3 = 0.11.5.1
Affected pkg:maven/org.jenkins-ci.plugins/s3 org.jenkins-ci.plugins s3 = 0.11.6
Fixed pkg:maven/org.jenkins-ci.plugins/s3 org.jenkins-ci.plugins s3 = 0.11.7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date