CVE-2018-1000112 org.jenkins-ci.plugins:mercurial

Package

Manager: maven
Name: org.jenkins-ci.plugins:mercurial
Vulnerable Version: >=0 <2.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00052 (percentile: 0.15988)

Details

Incorrect Authorization in Jenkins Mercurial Plugin

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier, in MercurialStatus.java, that allows an attacker with network access to obtain a list of nodes and users.

Metadata

Created: 2022-05-13T01:48:32Z
Modified: 2022-06-30T18:31:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9cx-789c-w2mr/GHSA-f9cx-789c-w2mr.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-f9cx-789c-w2mr
Finding: F006
Auto approve: 1