CVE-2018-1000110
published 2018-03-13CVE-2018-1000110: An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_slave_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | cppncss_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | envinject_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git | <= 3.7.0 | — |
| jenkins | git_plugin | — | — |
| jenkins | google_play_android_publisher_plugin | — | — |
| jenkins | ids_in_google_play_android_publisher_plugin | — | — |
| jenkins | improper_access_control_in_gerrit_trigger_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | testlink_plugin | — | — |
| jenkins | url_in_git_plugin | — | — |
| jenkins | url_in_mercurial_plugin | — | — |
| jenkins | url_in_subversion_plugin | — | — |
| jenkins | you_have_ever_used_environment_injector_plugin | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_git_2.23.4-1_on_cbl_mariner_1.0 | — | — |