CVE-2020-2306

Summary

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Mercurial Pluginunspecified <= 2.11affected
Jenkins projectJenkins Mercurial Plugin2.10.1unaffected
Jenkins projectJenkins Mercurial Plugin2.9.1unaffected
Jenkins projectJenkins Mercurial Plugin2.8.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References