CVE-2018-1000111

CWE-863 — Incorrect Authorization CWE-200 — Information Exposure7 documents7 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 88.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Subversion

Timeline

PublishedMar 13

Latest updateMay 13

Description

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶Mavenorg.jenkins-ci.plugins:subversion< 2.10.3

▶NVDjenkins/subversion2.10.2

🔴Vulnerability Details

OSV

Jenkins Subversion Plugin Incorrect Authorization vulnerability↗2022-05-13

▶

GHSA

Jenkins Subversion Plugin Incorrect Authorization vulnerability↗2022-05-13

▶

CVEList

CVE-2018-1000111: An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2↗2018-03-13

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-02-26↗2018-02-26

▶

Red Hat

jenkins-plugin-subversion: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Subversion Plugin (SECURITY-724)↗2018-02-26

▶

💬Community

Bugzilla

CVE-2018-1000111 jenkins-plugin-subversion: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Subversion Plugin (SECURITY-724)↗2018-02-27

▶