CVE-2018-1000110 – org.jenkins-ci.plugins:git

Package

Manager: maven
Name: org.jenkins-ci.plugins:git
Vulnerable Version: >=0 <3.8.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.12984 pctl0.93821

Details

Incorrect Authorization in Jenkins Git Plugin An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Metadata

Created: 2022-05-13T01:48:31Z
Modified: 2022-06-30T18:52:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46p2-fwqg-3h6m/GHSA-46p2-fwqg-3h6m.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-46p2-fwqg-3h6m
Finding: F006
Auto approve: 1