Jenkins Matrix Authorization Strategy Plugin Unsafe Deserialization Vulnerability Allowing Arbitrary Class Instantiation

Vulnerability

A vulnerability exists in the Jenkins Matrix Authorization Strategy Plugin versions 2.0-beta-1 through 3.2.9, inclusive. When the plugin deserializes an inheritance strategy, it resolves the class named in the configuration and invokes that class's parameterless constructor without first checking that the class is actually an inheritance strategy implementation. Because the inheritance strategy is part of an item's authorization configuration, an attacker with Item/Configure permission can supply an arbitrary class name and have that class instantiated, potentially leading to information disclosure or other impacts depending on the classes available on the Jenkins classpath.

Impact

Successful exploitation lets an attacker with Item/Configure permission instantiate any class on the Jenkins classpath that has a parameterless constructor. The concrete impact depends on what those constructors (and the static initializers that run when a class is loaded) do; the plugin maintainers describe the result as information disclosure or other impacts. Because the attacker controls only the class name and not constructor arguments, the reachable behaviour is bounded by the classes present in the Jenkins core, its plugins and their bundled libraries.

Remediation

Users of the Matrix Authorization Strategy Plugin should update to version 3.2.10, which fixes the issue by only instantiating classes that are valid inheritance strategy implementations. The installed version can be confirmed under Manage Jenkins > Plugins (the plugin's short name is matrix-auth). Since the flaw is reachable by anyone with Item/Configure permission, administrators who cannot update immediately should review which users and groups hold that permission.
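The pattern behind this class of bug, as an added illustration and not code from the plugin or from its fix: the vulnerable loader resolves whatever class name arrives in the configuration and calls its no-argument constructor, so the constructor of an unrelated class runs before the cast to the expected type fails. The hardened loader checks assignability to the expected interface before any constructor is invoked, and loads the class with initialize=false so that the named class's static initializer is not run as a side effect of the check. All type and class names here (InheritanceStrategy, InheritParentStrategy, SideEffectOnConstruct and the loader itself) are hypothetical stand-ins chosen for the example.

```java
import java.lang.reflect.InvocationTargetException;

// Added example; not the plugin's code. All names below are hypothetical.
public class InheritanceStrategyLoading {

    /** Hypothetical stand-in for the type a configuration is expected to name. */
    public interface InheritanceStrategy {
        String name();
    }

    public static final class InheritParentStrategy implements InheritanceStrategy {
        public InheritParentStrategy() {}
        public String name() { return "inherit-parent"; }
    }

    public static final class NonInheritingStrategy implements InheritanceStrategy {
        public NonInheritingStrategy() {}
        public String name() { return "non-inheriting"; }
    }

    /** Unrelated class with a parameterless constructor that has an observable side effect. */
    public static final class SideEffectOnConstruct {
        public static int instantiations = 0;
        public SideEffectOnConstruct() { instantiations++; }
    }

    /**
     * Vulnerable pattern: the class named by the configuration is loaded (running its
     * static initializer) and its no-argument constructor is invoked. Nothing checks that
     * the class implements InheritanceStrategy, so the cast fails only after the
     * constructor has already run.
     */
    static InheritanceStrategy loadUnsafe(String className)
            throws ClassNotFoundException, ReflectiveOperationException {
        Class<?> c = Class.forName(className);
        Object o = c.getDeclaredConstructor().newInstance(); // any class's constructor runs here
        return (InheritanceStrategy) o;                      // ClassCastException, but too late
    }

    /**
     * Hardened pattern: initialize=false avoids running the named class's static
     * initializer, and asSubclass() rejects anything that is not an InheritanceStrategy
     * before a constructor is ever called.
     */
    static InheritanceStrategy loadSafe(String className)
            throws ClassNotFoundException, ReflectiveOperationException {
        ClassLoader loader = InheritanceStrategyLoading.class.getClassLoader();
        Class<?> c = Class.forName(className, false, loader);
        Class<? extends InheritanceStrategy> strategyClass =
                c.asSubclass(InheritanceStrategy.class);     // throws ClassCastException if not a strategy
        return strategyClass.getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        String good = InheritParentStrategy.class.getName();
        String bad = SideEffectOnConstruct.class.getName();

        System.out.println("safe loader, valid class: " + loadSafe(good).name());

        try {
            loadUnsafe(bad);
        } catch (ClassCastException e) {
            // cast failed, but the foreign constructor already executed
        }
        System.out.println("unsafe loader ran the foreign constructor: "
                + (SideEffectOnConstruct.instantiations == 1));

        try {
            loadSafe(bad);
        } catch (ClassCastException e) {
            // rejected before construction; the counter does not change
        }
        System.out.println("safe loader ran the foreign constructor: "
                + (SideEffectOnConstruct.instantiations == 2));
    }
}
```

Compile and run with `javac InheritanceStrategyLoading.java && java InheritanceStrategyLoading`. The assignability check is the minimum fix for this pattern; inside a Jenkins plugin the stronger option is to resolve the strategy through Jenkins' own extension and descriptor registry rather than calling Class.forName on a name taken from user-controlled configuration at all, because that limits the candidate set to implementations Jenkins already knows about.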

Added: Apr 29, 2026, 2:28 PM
Updated: Apr 29, 2026, 2:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 7.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.