Mercurial Security Vulnerabilities and Issues — Mercurial CVE List

Lucene search

JenkinsMercurial

2 matches found

CVE•added 2020/11/04 3:15 p.m.•135 views

CVE-2020-2306

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.

4.3CVSS4.4AI score0.00064EPSS

CVE•added 2020/11/04 3:15 p.m.•134 views

CVE-2020-2305

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5CVSS6.5AI score0.00546EPSS