An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9

Jenkins Subversion Plugin Incorrect Authorization vulnerability

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in and that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to /subversion/ no longer extends the class handling requests to the …/search/ sub-path, therefore any such requests will fail.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago

CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-w9gq-8q35-3jcc, CVE-2018-1000111
References: Repository:
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 2.10.2
Fixed in: 2.10.3