Information Disclosure Vulnerability in Jenkins Mercurial Plugin
CVE-2022-43410
5.3 MEDIUM
Summary
The Jenkins Mercurial Plugin, specifically versions 1251.va_b_121f184902 and earlier, contains a vulnerability that allows unauthorized access to information about triggered or scheduled jobs via its webhook endpoint. This flaw exposes job details to users who typically do not have permission to view that information, potentially leading to unauthorized insights into project activities and workflows.
Affected Version(s)
Jenkins Mercurial Plugin <= 1251.va_b_121f184902
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved