CVE-2018-1000111 Information

Description

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.

Vulnerability Type (CWE)

CWE-863

Published

2018-03-13

Last Modified

2019-10-03

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

5.3 MEDIUM

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-724 (Vendor Advisory)