CVE-2018-1000112

CVSS v3.0 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 1

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Weaknesses

CWE-863: Incorrect Authorization

CVE Status: PUBLISHED
CNA: cve@mitre.org
Published Date: 2018-03-13 13:29:00
(6 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Jenkins

Mercurial

Configuration #1

		CPE23	From	Up To
	Jenkins Mercurial for Jenkins 2.2 and prior versions	cpe:2.3:a:jenkins:mercurial::::::jenkins		<= 2.2