Vulnerabilities > Jenkins > Mercurial > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-43410 | Unspecified vulnerability in Jenkins Mercurial Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | 5.3 |
| 2020-11-04 | CVE-2020-2306 | Unspecified vulnerability in Jenkins Mercurial A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | 4.3 |
| 2020-11-04 | CVE-2020-2305 | Unspecified vulnerability in Jenkins Mercurial Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |