Jenkins S3 publisher Plugin does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.
Jenkins S3 publisher Plugin does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
Jenkins S3 publisher Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form. This can result in exposure of the credential through browser extensions, cross-site scripting vulnerabilities, and similar situations.
A cross-site scripting vulnerability in the Jenkins S3 Plugin allows attackers to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.