Rhino Security Labs

Jenkins Information Disclosure to Unauthenticated Users

Vulnerability Details

CVSS Rating: 5.3 (Medium)

CVE-2018-1000110

Disclosing Company: Rhino Security Labs

Date: 03/13/2018

Status: Published

Affected software/version:
Jenkins GIT version 3.7.0

Disclosure

Rhino Security Labs References

Disclosure Date: 03/13/2018

Vulnerability Description

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

CVSS Metrics

CVSS Rating (version 3.0): 5.3 (Medium)

Impact Score: 1.4

Exploitability Score: 3.9

Attack Vector: Network

Attack Complexity (AC): Low

Privileges Required (PR): None

User Interaction (UI): None

Scope (S): Unchanged

Confidentiality (C): Low

Integrity (I): None

Availability (A): None