Vulnerability Details CVE-2018-1000106
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
References
Products affected by CVE-2018-1000106
-
cpe:2.3:a:jenkins:gerrit_trigger:2.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.1.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.10.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.10.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.11.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.11.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.12.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.13.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.14.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.16.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.5
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.19.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.20.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.21.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.21.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.22.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.24.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.25.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.3.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.3.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.4.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.6.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.7.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.8.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.9.0