CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43410 – jenkins-plugin/mercurial: Webhook endpoint discloses job names to unauthorized users in Mercurial Plugin
https://notcve.org/view.php?id=CVE-2022-43410
19 Oct 2022 — Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. Jenkins Mercurial Plugin versiones 1251.va_b_121f184902 y anteriores, proporciona información sobre los trabajos que se activaron o programaron para el sondeo mediante su endpoint de webhook, incluidos los trabajos a los que el usuario no presenta permiso para acceder An information leak was ... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30948 – plugin: Mercurial SCM plugin can check out from the controller file system
https://notcve.org/view.php?id=CVE-2022-30948
17 May 2022 — Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. El plugin Jenkins Mercurial versiones 2.16 y anteriores, permiten a atacantes configurar los pipelines para comprobar algunos repositorios SCM almacenados en el sistema de archivos del controlador Jenkins usando rutas locales como URLs SCM, obten... • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2305 – jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
https://notcve.org/view.php?id=CVE-2020-2305
04 Nov 2020 — Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins Mercurial Plugin versiones 2.11 y anteriores, no configura su analizador XML para impedir ataques de tipo XML external entity (XXE) A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity (XXE) attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2306 – jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-2306
04 Nov 2020 — A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. Una falta de comprobación de permisos en Jenkins Mercurial Plugin versiones 2.11 y anteriores, permite a atacantes con permiso Overall/Read obtener una lista de nombres de instalaciones Mercurial configuradas Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for ... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104 • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4237
https://notcve.org/view.php?id=CVE-2010-4237
29 Oct 2019 — Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. Mercurial versiones anteriores a 1.6.4, no puede comprobar el campo Common Name de los certificados SSL lo que permite a atacantes remotos que adquieren un certificado firmado por una Autoridad Certificada llevar a cabo un ataque de tipo man-in-the-middle. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 1%CPEs: 3EXPL: 0CVE-2019-3902 – Ubuntu Security Notice USN-5102-1
https://notcve.org/view.php?id=CVE-2019-3902
22 Apr 2019 — A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. Se encontró un defecto en Mercurial, en versiones anteriores a la 4.9. Era posible utilizar enlaces simbólicos y subrepositorios para acabar con la lógica de comprobación de rutas de Mercurial y escribir archivos fuera de un repositorio. It was discovered that Mercurial mishandled symlinks in subrepositories. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17983 – Ubuntu Security Notice USN-5102-1
https://notcve.org/view.php?id=CVE-2018-17983
04 Oct 2018 — cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. cext/manifest.c en Mercurial en versiones anteriores a la 4.7.2 tiene una lectura fuera de límites durante el análisis de una entrada manifest mal formada. It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An att... • https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13346 – mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply()
https://notcve.org/view.php?id=CVE-2018-13346
06 Jul 2018 — The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. La función mpatch_apply en mpatch.c en Mercurial en versiones anteriores a la 4.6.1 procede incorrectamente en casos en los que el inicio del fragmento está tras el final de los datos originales. Esto también se conoce como OVE-20180430-0004. Mercurial is a fast, lightweight source control management system designed for efficient ... • https://access.redhat.com/errata/RHSA-2019:2276 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13347 – mercurial: Buffer underflow in mpatch.c:mpatch_apply()
https://notcve.org/view.php?id=CVE-2018-13347
06 Jul 2018 — mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. mpatch.c en Mercurial en versiones anteriores a la 4.6.1 gestiona de manera incorrecta la suma y resta de enteros. Esto también se conoce como OVE-20180430-0002. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Issues addressed include a bypass vulnerability. • https://access.redhat.com/errata/RHSA-2019:2276 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13348
https://notcve.org/view.php?id=CVE-2018-13348
06 Jul 2018 — The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. La función mpatch_decode en mpatch.c en Mercurial en versiones anteriores a la 4.6.1 gestiona de manera incorrecta ciertas situaciones en las que debería haber, al menos, 12 bytes sobrantes tras la posición actual en los datos del parche, pero en realidad no los hay. Esto tam... • https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html • CWE-20: Improper Input Validation •