CVE-2018-1000106 — Incorrect Authorization in Jenkins Gerrit Trigger

Severity
5.4 MEDIUM (NVD)
EPSS
0.1%
top 81.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 13
Latest update: May 13

Description

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Exploitability: 2.8 | Impact: 2.5

Affected Packages (1 package)

NVD: jenkins/gerrit_trigger 2.27.4

🔴 Vulnerability Details (3)

OSV: Incorrect Authorization in Jenkins Gerrit Trigger Plugin (2022-05-13)
GHSA: Incorrect Authorization in Jenkins Gerrit Trigger Plugin (2022-05-13)
CVEList: CVE-2018-1000106: An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2 (2018-03-13)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2018-02-26 (2018-02-26)