Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9

Jenkins Subversion Plugin Incorrect Authorization vulnerability

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to /subversion/ no longer extends the class handling requests to the …/search/ sub-path, therefore any such requests will fail.

Permalink: https://github.com/advisories/GHSA-w9gq-8q35-3jcc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago


CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-w9gq-8q35-3jcc, CVE-2018-1000111
References: Repository: https://github.com/jenkinsci/subversion-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:subversion
Affected Version Ranges: <= 2.10.2
Fixed in: 2.10.3