Fluid Attacks Database

Description

Incorrect Authorization in Jenkins Git Plugin An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.plugins:git	>=0 <3.8.0	3.8.0

Aliases

1. CVE-2018-10001102. NVD-2018-10001103. OSV-2018-10001104. GCVE-2018-1000110

References

1. https://github.com/jenkinsci/git-plugin/commit/a3d3a7eb7f75bfe97a0291e3b6d074aafafa86c92. https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723