CVE-2018-1000105

MEDIUM

Jenkins Gerrit Trigger Plugin <2.27.4 - Auth Bypass

Title source: llm

Description

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-863

Status published

Products (2)

com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger 0 - 2.27.5Maven

jenkins/gerrit_trigger < 2.27.4

Published Mar 13, 2018

Tracked Since Feb 18, 2026