A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Mercurial |
Jenkins |
* |
2.11 (including) |
References