Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9

Jenkins Subversion Plugin Incorrect Authorization vulnerability

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier, in SubversionStatus.java and SubversionRepositoryStatus.java, that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to /subversion/ no longer extends the class handling requests to the …/search/ sub-path, so any such requests will fail.

Permalink: https://github.com/advisories/GHSA-w9gq-8q35-3jcc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago


CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-w9gq-8q35-3jcc, CVE-2018-1000111
References: Repository: https://github.com/jenkinsci/subversion-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:subversion
Affected Version Ranges: <= 2.10.2
Fixed in: 2.10.3