Improper Authorization Vulnerability in Jenkins Mercurial Plugin Allows Unauthorized Access to Node and User Information

Improper Authorization Vulnerability in Jenkins Mercurial Plugin Allows Unauthorized Access to Node and User Information

CVE-2018-1000112 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Learn more about our Network Penetration Testing.