CVE-2018-1000112
published 2018-03-13CVE-2018-1000112: An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_slave_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | cppncss_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | envinject_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | google_play_android_publisher_plugin | — | — |
| jenkins | ids_in_google_play_android_publisher_plugin | — | — |
| jenkins | improper_access_control_in_gerrit_trigger_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | mercurial | <= 2.2 | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | testlink_plugin | — | — |
| jenkins | url_in_git_plugin | — | — |
| jenkins | url_in_mercurial_plugin | — | — |
| jenkins | url_in_subversion_plugin | — | — |
| jenkins | you_have_ever_used_environment_injector_plugin | — | — |