Vulnerabilities > CVE-2018-1000106 - Incorrect Authorization vulnerability in Jenkins Gerrit Trigger

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
LOW
network
low complexity
jenkins
CWE-863
NVD
Published: 2018-03-13
Updated: 2019-10-03

Summary

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.

Vulnerable Configurations

Part Description Count
Application
Jenkins
73

Common Weakness Enumeration (CWE)

References