Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Jenkins Subversion Plugin Incorrect Authorization vulnerability
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to /subversion/ no longer extends the class handling requests to the …/search/ sub-path, therefore any such requests will fail.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 10 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-w9gq-8q35-3jcc, CVE-2018-1000111
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000111
- https://jenkins.io/security/advisory/2018-02-26/#SECURITY-724
- https://github.com/advisories/GHSA-w9gq-8q35-3jcc
Affected Packages
maven:org.jenkins-ci.plugins:subversion
Versions: <= 2.10.2
Fixed in: 2.10.3