Description
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726
Related Vulnerabilities
CVE-2017-1000356 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-36060 Vulnerability in npm package matrix-react-sdk
CVE-2015-5345 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2018-10862 Vulnerability in maven package org.wildfly.core:wildfly-deployment-repository