CVE-2018-1000105

2018-03-1313:29:00

Google

osv.dev

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.

CPENameOperatorVersion
gerrit-trigger-plugineqgerrit-trigger-2.12.0
gerrit-trigger-plugineqgerrit-trigger-2.12.0-beta-1
gerrit-trigger-plugineqgerrit-trigger-2.15.0-beta-1
gerrit-trigger-plugineqgerrit-trigger-2.13.0-beta-3
gerrit-trigger-plugineqgerrit-trigger-2.14.0-beta-2
gerrit-trigger-plugineqgerrit-trigger-2.15.2
gerrit-trigger-plugineqgerrit-trigger-2.12.0-beta-4
gerrit-trigger-plugineqgerrit-trigger-2.26.0
gerrit-trigger-plugineqgerrit-trigger-2.27.1
gerrit-trigger-plugineqgerrit-trigger-2.4.0

Name	Operator	Version
gerrit-trigger-plugin	eq	gerrit-trigger-2.12.0
gerrit-trigger-plugin	eq	gerrit-trigger-2.12.0-beta-1
gerrit-trigger-plugin	eq	gerrit-trigger-2.15.0-beta-1
gerrit-trigger-plugin	eq	gerrit-trigger-2.13.0-beta-3
gerrit-trigger-plugin	eq	gerrit-trigger-2.14.0-beta-2
gerrit-trigger-plugin	eq	gerrit-trigger-2.15.2
gerrit-trigger-plugin	eq	gerrit-trigger-2.12.0-beta-4
gerrit-trigger-plugin	eq	gerrit-trigger-2.26.0
gerrit-trigger-plugin	eq	gerrit-trigger-2.27.1
gerrit-trigger-plugin	eq	gerrit-trigger-2.4.0