CVE-2018-1000112

Source
https://cve.org/CVERecord?id=CVE-2018-1000112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000112
Aliases
Published
2018-03-13T13:29:00.750Z
Modified
2026-07-08T14:13:26.064496Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

References

Affected packages

Git / github.com/jenkinsci/mercurial-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/mercurial-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:jenkins:mercurial:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2"
        }
    ]
}

Affected versions

mercurial-1.*
mercurial-1.35
mercurial-1.36
mercurial-1.37
mercurial-1.38
mercurial-1.39
mercurial-1.40
mercurial-1.41
mercurial-1.42
mercurial-1.43
mercurial-1.44
mercurial-1.45
mercurial-1.46
mercurial-1.47
mercurial-1.48
mercurial-1.48-beta-1
mercurial-1.49
mercurial-1.50
mercurial-1.50-beta-1
mercurial-1.50-beta-2
mercurial-1.51
mercurial-1.51-beta-1
mercurial-1.51-beta-2
mercurial-1.51-beta-3
mercurial-1.52
mercurial-1.53
mercurial-1.54
mercurial-1.55
mercurial-1.56
mercurial-1.57
mercurial-1.58
mercurial-1.58-beta-1
mercurial-1.59
mercurial-1.60
mercurial-1.61
mercurial-2.*
mercurial-2.0
mercurial-2.0-beta-1
mercurial-2.1
mercurial-2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000112.json"