CVSS Rating: 5.3 (medium)
Disclosing Company: Rhino Security Labs
Date: 03/13/2018
Status: Published
Affected software/version:Jenkins GIT version 3.7.0
Jenkins:
MITRE
NIST
03/13/2018
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
5.3 (Medium)
1.4
3.9
Network
Attack Complexity (AC)Low Privileges Required (PR)None User Interaction (UI)None Scope (S)Unchanged
Confidentiality (C)Low Integrity (I)None Availability (A)None