Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1pzb-gkrf-m3hq
Summary
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Mercurial Plugin provides a webhook endpoint at `/mercurial/notifyCommit` that can be used to notify Jenkins of changes to an SCM repository. This endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. It can be accessed with GET requests and without authentication.

In Mercurial Plugin 1251.va_b_121f184902 and earlier, the output of the webhook endpoint will provide information about which jobs were triggered or scheduled for polling, including jobs the user has no permission to access. This allows attackers with knowledge of Mercurial repository URLs to obtain information about the existence of jobs configured with this Mercurial repository.

Mercurial Plugin 1260.vdfb_723cdcc81 does not provide the names of jobs for which polling is triggered unless the user has the appropriate Item/Read permission.
Aliases
0
alias CVE-2022-43410
1
alias GHSA-j7pg-863g-22p6
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/mercurial@1260.vdfb_723cdcc81
purl pkg:maven/org.jenkins-ci.plugins/mercurial@1260.vdfb_723cdcc81
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mercurial@1260.vdfb_723cdcc81
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins/mercurial@1251.va_b_121f184902
purl pkg:maven/org.jenkins-ci.plugins/mercurial@1251.va_b_121f184902
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzb-gkrf-m3hq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mercurial@1251.va_b_121f184902
1
url pkg:rpm/redhat/jenkins-2-plugins@4.12.1675702407-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1675702407-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pzb-gkrf-m3hq
1
vulnerability VCID-1tha-u7dt-tfc9
2
vulnerability VCID-2zhb-qfhq-xkdp
3
vulnerability VCID-73th-g3mx-dqf1
4
vulnerability VCID-9h46-72hw-bkcr
5
vulnerability VCID-atqg-nfz6-zyfs
6
vulnerability VCID-k6wy-rwhv-ckd2
7
vulnerability VCID-n5vc-ggjg-kfc1
8
vulnerability VCID-netd-rr9e-wbg5
9
vulnerability VCID-pnge-tumu-v7e2
10
vulnerability VCID-rs56-6qvx-vucg
11
vulnerability VCID-rxtr-936k-h3cc
12
vulnerability VCID-s839-rpta-6bej
13
vulnerability VCID-tx8n-nmhx-gqg1
14
vulnerability VCID-v2pq-1qhm-4qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1675702407-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43410.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43410.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43410
reference_id
reference_type
scores
0
value 0.00513
scoring_system epss
scoring_elements 0.66711
published_at 2026-05-14T12:55:00Z
1
value 0.00513
scoring_system epss
scoring_elements 0.66555
published_at 2026-04-11T12:55:00Z
2
value 0.00513
scoring_system epss
scoring_elements 0.66543
published_at 2026-04-12T12:55:00Z
3
value 0.00513
scoring_system epss
scoring_elements 0.66511
published_at 2026-04-13T12:55:00Z
4
value 0.00513
scoring_system epss
scoring_elements 0.66547
published_at 2026-04-16T12:55:00Z
5
value 0.00513
scoring_system epss
scoring_elements 0.66564
published_at 2026-04-18T12:55:00Z
6
value 0.00513
scoring_system epss
scoring_elements 0.66548
published_at 2026-04-21T12:55:00Z
7
value 0.00513
scoring_system epss
scoring_elements 0.66572
published_at 2026-04-24T12:55:00Z
8
value 0.00513
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-29T12:55:00Z
9
value 0.00513
scoring_system epss
scoring_elements 0.66563
published_at 2026-05-05T12:55:00Z
10
value 0.00513
scoring_system epss
scoring_elements 0.66608
published_at 2026-05-07T12:55:00Z
11
value 0.00513
scoring_system epss
scoring_elements 0.66651
published_at 2026-05-09T12:55:00Z
12
value 0.00513
scoring_system epss
scoring_elements 0.66624
published_at 2026-05-11T12:55:00Z
13
value 0.00513
scoring_system epss
scoring_elements 0.66645
published_at 2026-05-12T12:55:00Z
14
value 0.00513
scoring_system epss
scoring_elements 0.66477
published_at 2026-04-02T12:55:00Z
15
value 0.00513
scoring_system epss
scoring_elements 0.66503
published_at 2026-04-04T12:55:00Z
16
value 0.00513
scoring_system epss
scoring_elements 0.66474
published_at 2026-04-07T12:55:00Z
17
value 0.00513
scoring_system epss
scoring_elements 0.66523
published_at 2026-04-08T12:55:00Z
18
value 0.00513
scoring_system epss
scoring_elements 0.66536
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43410
2
reference_url https://github.com/jenkinsci/mercurial-plugin
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/mercurial-plugin
3
reference_url https://github.com/jenkinsci/mercurial-plugin/commit/dfb723cdcc815875cdf63abd32e314ced5e95ac9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/mercurial-plugin/commit/dfb723cdcc815875cdf63abd32e314ced5e95ac9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43410
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43410
5
reference_url https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:21:54Z/
url https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831
6
reference_url http://www.openwall.com/lists/oss-security/2022/10/19/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:21:54Z/
url http://www.openwall.com/lists/oss-security/2022/10/19/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136369
reference_id 2136369
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136369
8
reference_url https://github.com/advisories/GHSA-j7pg-863g-22p6
reference_id GHSA-j7pg-863g-22p6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j7pg-863g-22p6
9
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pzb-gkrf-m3hq