First published: Tue May 17 2022(Updated: )
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jenkins | <2-plugins-0:4.8.1672842762-1.el8 | 2-plugins-0:4.8.1672842762-1.el8 |
Jenkins Mercurial | <2.16.1 | |
Jenkins Git | <=4.11.1 | |
Jenkins Mercurial | <=2.16 | |
Jenkins Repo | <=1.14.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.