
CVE-2022-43410 – jenkins-plugin/mercurial: Webhook endpoint discloses job names to unauthorized users in Mercurial Plugin
https://notcve.org/view.php?id=CVE-2022-43410
19 Oct 2022 — Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. An information leak was ... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2022-30948 – plugin: Mercurial SCM plugin can check out from the controller file system
https://notcve.org/view.php?id=CVE-2022-30948
17 May 2022 — Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities

CVE-2020-2305 – jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
https://notcve.org/view.php?id=CVE-2020-2305
04 Nov 2020 — Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity (XXE) attack, allowing an attacker able to control an agent process to have Jenkins parse a crafted changelog file... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-2306 – jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-2306
04 Nov 2020 — A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for ... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104 • CWE-862: Missing Authorization

CVE-2018-1000112
https://notcve.org/view.php?id=CVE-2018-1000112
13 Mar 2018 — An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726 • CWE-863: Incorrect Authorization