CVE-2018-1000111
published 2018-03-13CVE-2018-1000111: An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_slave_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | cppncss_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | envinject_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | google_play_android_publisher_plugin | — | — |
| jenkins | ids_in_google_play_android_publisher_plugin | — | — |
| jenkins | improper_access_control_in_gerrit_trigger_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | subversion | <= 2.10.2 | — |
| jenkins | testlink_plugin | — | — |
| jenkins | url_in_git_plugin | — | — |
| jenkins | url_in_mercurial_plugin | — | — |
| jenkins | url_in_subversion_plugin | — | — |
| jenkins | you_have_ever_used_environment_injector_plugin | — | — |