Improper Authorization in Jenkins Git Plugin Affects Users
CVE-2018-1000110

5.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Git
Vendor: CVE Published:; 13 March 2018

Summary

An improper authorization vulnerability in the Jenkins Git Plugin has been identified, affecting versions up to 3.7.0. This flaw allows an attacker with network access to gain unauthorized visibility of sensitive information, including a list of nodes and users, which could be leveraged for further malicious actions. Users are advised to update to the latest version to mitigate potential risks associated with this vulnerability.

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 13, 2018