Description
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402
Related Vulnerabilities
CVE-2021-22097 Vulnerability in maven package org.springframework.amqp:spring-amqp
CVE-2018-1000665 Vulnerability in maven package org.apache.geronimo.plugins:dojo
CVE-2020-2254 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent
CVE-2018-17244 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2019-1003049 Vulnerability in maven package org.jenkins-ci.main:jenkins-core