Description
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-726
Related Vulnerabilities
CVE-2018-1000183 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2022-37435 Vulnerability in maven package org.apache.shenyu:shenyu-admin
CVE-2023-2633 Vulnerability in maven package org.jenkins-ci.plugins:codedx
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow
CVE-2019-18362 Vulnerability in maven package com.jetbrains:mps