Description
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726
Related Vulnerabilities
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow
CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex
CVE-2017-15691 Vulnerability in maven package org.apache.uima:uimafit
CVE-2019-10450 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:elasticbox
CVE-2011-2731 Vulnerability in maven package org.springframework.security:spring-security-core