CVE-2018-1000105

Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.27.4 and earlier

Description: An improper authorization issue exists that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. This is due to vulnerabilities in GerritManagement.java, GerritServer.java, and PluginImpl.java.

Recommendations: For versions 2.27.4 and earlier, update to a version later than 2.27.4 to resolve the issue. As a temporary workaround, consider restricting Overall/Read access to minimize the risk of exploitation.