CVE-2018-1000112

CWE-863Incorrect AuthorizationCWE-200Information Exposure7 documents7 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 83.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Mercurial
Timeline
PublishedMar 13
Latest updateMay 13

Description

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Incorrect Authorization in Jenkins Mercurial Plugin2022-05-13
GHSA
Incorrect Authorization in Jenkins Mercurial Plugin2022-05-13
CVEList
CVE-2018-1000112: An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 22018-03-13

📋Vendor Advisories

2
Red Hat
jenkins-plugin-mercurial: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Mercurial Plugin (SECURITY-726)2018-02-26
Jenkins
Jenkins Security Advisory 2018-02-262018-02-26

💬Community

1
Bugzilla
CVE-2018-1000112 jenkins-plugin-mercurial: Disclosure of user names and node names to unauthorized users through post-commit hook URL in Mercurial Plugin (SECURITY-726)2018-02-27
CVE-2018-1000112 (MEDIUM CVSS 5.3) | An improper authorization vulnerabi | cvebase.io