GHSA-f9cx-789c-w2mr

Source

https://github.com/advisories/GHSA-f9cx-789c-w2mr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9cx-789c-w2mr/GHSA-f9cx-789c-w2mr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f9cx-789c-w2mr

Aliases

CVE-2018-1000112

Published

2022-05-13T01:48:32Z

Modified

2024-02-16T08:06:47.788023Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Incorrect Authorization in Jenkins Mercurial Plugin

Details

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Database specific

{
    "nvd_published_at": "2018-03-13T13:29:00Z",
    "cwe_ids": [
        "CWE-863"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-30T18:31:43Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:mercurial

Package

Name: org.jenkins-ci.plugins:mercurial; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/mercurial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3

Affected versions

1.*

1.37

1.38

1.39

1.40

1.41

1.42

1.43

1.44

1.45

1.46

1.47

1.48-beta-1

1.48

1.49

1.50-beta-1

1.50-beta-2

1.50

1.50.1

1.51-beta-1

1.51-beta-2

1.51-beta-3

1.51

1.52

1.53

1.54

1.55

1.56

1.57

1.58-beta-1

1.58

1.59

1.60

1.61

2.*

2.0-alpha-1

2.0-alpha-4

2.0-beta-1

2.0

2.1

2.2

Database specific

{
    "last_known_affected_version_range": "<= 2.2"
}