Matrix Authorization Strategy

matrix_authorization_strategy

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-42521 1Jenkins 1Matrix Authorization Strategy May 6, 2026 Apr 29, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricti...Show more Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.Show less
CVE-2021-21623 1Jenkins 1Matrix Authorization Strategy Nov 21, 2024 Mar 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent...Show more An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.Show less
CVE-2020-2226 1Jenkins 1Matrix Authorization Strategy Nov 21, 2024 Jul 15, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.