Fluid Attacks Database

Description

Incorrect Authorization in Jenkins Mercurial Plugin An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.plugins:mercurial	>=0 <2.3	2.3

Aliases

1. CVE-2018-10001122. NVD-2018-10001123. OSV-2018-10001124. GCVE-2018-1000112

References

1. https://github.com/jenkinsci/mercurial-plugin/commit/54b4f82e80c89d51b12bc64258f6b59e98b0c16a2. https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726