Incorrect Authorization in Jenkins Git Plugin

GHSA-46p2-fwqg-3h6m · CVE-2018-1000110

Published May 13, 2022 · Modified Nov 8, 2023

Description

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1000110
WEB https://github.com/jenkinsci/git-plugin/commit/a3d3a7eb7f75bfe97a0291e3b6d074aafafa86c9
PACKAGE https://github.com/jenkinsci/git-plugin
WEB https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes