CVE-2018-1000106
MEDIUM5.4EPSS 0.06%Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Published: 5/13/2022Modified: 2/16/2024
Also known as:GHSA-4vf2-cm23-rf4c
Description
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
Affected packages (1)
- Maven/com.sonyericsson.hudson.plugins.gerrit:gerrit-triggerfrom 0, < 2.27.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |