Information disclosure in Mercurial - CVE-2022-43410

 


Published: October 20, 2022


Vulnerability identifier: #VU68544
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-43410
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mercurial
Software vendor: Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application's webhook endpoint. Through this endpoint, a remote attacker can gain unauthorized access to information about which jobs were triggered or scheduled for polling, including jobs the user has no permission to access.


Remediation

Install updates from the vendor's website.
