Matrix Authorization Strategy
CVE-2021-21623
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 1 maven packages depend on org.jenkins-ci.plugins:matrix-auth (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.6.6.
DescriptionNVD
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
AnalysisAI
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. Affected products include: Jenkins Matrix Authorization Strategy.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today