CVE-2022-43410

Severity: 5.3 MEDIUM
EPSS: 0.5% (top 33.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 19

Description

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

Maven: org.jenkins-ci.plugins:mercurial < 1260.vdfb_723cdcc81
CVEListV5: jenkins_project/jenkins_mercurial_plugin unspecified 1251.va_b_121f184902
NVD: jenkins/mercurial 1251.va_b_121f184902

Vulnerability Details (3)

GHSA: Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin (2022-10-19)
OSV: Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin (2022-10-19)
CVEList: CVE-2022-43410: Jenkins Mercurial Plugin 1251 (2022-10-19)

Vendor Advisories (3)

Red Hat: jenkins-plugin/mercurial: Webhook endpoint discloses job names to unauthorized users in Mercurial Plugin (2022-10-19)
Jenkins: Jenkins Security Advisory 2022-10-19 (2022-10-19)
Microsoft: Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no per (2022-10-11)