Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Dec 18, 2023
Package
Affected versions
< 2.27.5
Patched versions
2.27.5
Description
Published by the National Vulnerability Database
Mar 13, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Nov 1, 2022
Last updated
Dec 18, 2023
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
References