Main Vulnerability Database Vulnerabilities #VU63363

#VU63363 Information disclosure in Mercurial - CVE-2022-30948

Published: May 18, 2022

Vulnerability identifier: #VU63363

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-30948

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mercurial

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2022-05-17/

#VU63363 Information disclosure in Mercurial - CVE-2022-30948

Description

Remediation

External links

Please verify you're human