Описание
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.16.1 (исключая)
cpe:2.3:a:jenkins:mercurial:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 87%
0.03261
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
redhat
больше 3 лет назад
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
EPSS
Процентиль: 87%
0.03261
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo