Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NnAyLWZ3cWctM2g2bc4AASkB
Incorrect Authorization in Jenkins Git Plugin
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Permalink: https://github.com/advisories/GHSA-46p2-fwqg-3h6m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NnAyLWZ3cWctM2g2bc4AASkB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-46p2-fwqg-3h6m, CVE-2018-1000110
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000110
- https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723
- https://github.com/jenkinsci/git-plugin/commit/a3d3a7eb7f75bfe97a0291e3b6d074aafafa86c9
- https://github.com/advisories/GHSA-46p2-fwqg-3h6m
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:git
Affected Version Ranges: <= 3.7.0
Fixed in: 3.8.0