{"id":"GHSA-4vf2-cm23-rf4c","summary":"Incorrect Authorization in Jenkins Gerrit Trigger Plugin","details":"An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.","aliases":["CVE-2018-1000106"],"modified":"2024-02-16T08:09:33.928614Z","published":"2022-05-13T01:48:31Z","database_specific":{"cwe_ids":["CWE-863"],"nvd_published_at":"2018-03-13T13:29:00Z","severity":"MODERATE","github_reviewed_at":"2022-11-01T22:47:40Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000106"},{"type":"WEB","url":"https://github.com/jenkinsci/gerrit-trigger-plugin/commit/a222f2d9d1bca3422e6a462a7f587ae325455b80"},{"type":"WEB","url":"https://jenkins.io/security/advisory/2018-02-26/#SECURITY-403"}],"affected":[{"package":{"name":"com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger","ecosystem":"Maven","purl":"pkg:maven/com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.5"}]}],"versions":["2.0","2.1.0","2.10.0","2.10.1","2.11.0","2.11.0-beta-1","2.11.0-beta-2","2.11.0-beta-3","2.11.0-beta-4","2.11.1","2.12.0","2.12.0-beta-1","2.12.0-beta-2","2.12.0-beta-3","2.12.0-beta-4","2.12.0-beta-5","2.13.0","2.13.0-beta-2","2.13.0-beta-3","2.13.0-beta-4","2.13.0-beta-5","2.13.0-beta-6","2.14.0","2.14.0-beta-1","2.14.0-beta-2","2.14.0-beta-3","2.15.0","2.15.0-beta-1","2.15.1","2.15.2","2.16.0","2.17.0","2.17.1","2.17.2","2.17.3","2.17.4","2.17.5","2.18.0","2.18.1","2.18.2","2.18.3","2.18.4","2.19.0","2.2.0","2.20.0","2.21.0","2.21.1","2.22.0","2.22.0-beta-1","2.23.0","2.23.1","2.23.2","2.23.3","2.24.0","2.25.0","2.26.0","2.26.1","2.26.2","2.27.0","2.27.1","2.27.2","2.27.3","2.27.4","2.3.0","2.3.1","2.4.0","2.5.0","2.5.1","2.5.2","2.6.0","2.7.0","2.8.0","2.9.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vf2-cm23-rf4c/GHSA-4vf2-cm23-rf4c.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}]}