Description
Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
Remediation
References
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831
http://www.openwall.com/lists/oss-security/2022/10/19/3
Related Vulnerabilities
CVE-2020-11988 Vulnerability in maven package org.apache.xmlgraphics:xmlgraphics-commons
CVE-2017-1000395 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-34802 Vulnerability in maven package org.jenkins-ci.plugins:rocketchatnotifier
CVE-2017-4971 Vulnerability in maven package org.springframework.webflow:spring-webflow
CVE-2018-1000865 Vulnerability in maven package org.kohsuke:groovy-sandbox