CVE-2018-1000110Incorrect Authorization in Jenkins GIT

CWE-863Incorrect AuthorizationCWE-200Sensitive Information Exposure8 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
11.1%
top 6.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins GIT
Timeline
PublishedMar 13
Latest updateMay 13

Description

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDjenkins/git3.7.0

🔴Vulnerability Details

3
GHSA
Incorrect Authorization in Jenkins Git Plugin2022-05-13
OSV
Incorrect Authorization in Jenkins Git Plugin2022-05-13
CVEList
CVE-2018-1000110: An improper authorization vulnerability exists in Jenkins Git Plugin version 32018-03-13

📋Vendor Advisories

3
Microsoft
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.2018-03-13
Red Hat
jenkins-plugin-git: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Git Plugin (SECURITY-723)2018-02-26
Jenkins
Jenkins Security Advisory 2018-02-262018-02-26

💬Community

1
Bugzilla
CVE-2018-1000110 jenkins-plugin-git: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Git Plugin (SECURITY-723)2018-02-27
CVE-2018-1000110 — Incorrect Authorization in Jenkins | cvebase