CVE-2018-1000110 — Incorrect Authorization in Jenkins Git Plugin

Description

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

How to fix CVE-2018-1000110

To remediate CVE-2018-1000110, upgrade the affected package to a fixed version below.

Maven/org.jenkins-ci.plugins:git—upgrade to 3.8.0 or later

Is CVE-2018-1000110 being exploited?

Moderate — EPSS is 11.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 3.8.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1000110
PATCHgithub.com/jenkinsci/git-plugin
WEBgithub.com/jenkinsci/git-plugin/commit/a3d3a7eb7f75bfe97a0291e3b6d074aafafa86c9
WEBjenkins.io/security/advisory/2018-02-26/#SECURITY-723