Vulnerabilities > CVE-2018-1000105 - Incorrect Authorization vulnerability in Jenkins Gerrit Trigger

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jenkins
CWE-863
NVD
Published: 2018-03-13
Updated: 2019-10-03

Summary

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.

Vulnerable Configurations

Part Description Count
Application
Jenkins
73

Common Weakness Enumeration (CWE)

References