CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

jenkins

mercurial

5 known vulnerabilities · sorted by CVSS score

CVE-2022-30948

HIGH7.5

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

jenkins / mercurial

Network

Published May 17, 2022

CVE-2020-2305

MEDIUM6.5

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

jenkins / mercurial

Network

Published Nov 4, 2020

CVE-2018-1000112

MEDIUM5.3

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.

jenkins / mercurial

Network

Published Mar 13, 2018

CVE-2022-43410

MEDIUM5.3

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.

jenkins / mercurial

Network

Published Oct 19, 2022

CVE-2020-2306

MEDIUM4.3

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.

jenkins / mercurial

Network

Published Nov 4, 2020