CVE-2018-1000106

Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.27.4 and earlier

Description: An improper authorization issue exists that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. This issue is related to the GerritManagement.java, GerritServer.java, and PluginImpl.java files.

Recommendations: For Jenkins Gerrit Trigger Plugin versions 2.27.4 and earlier, consider restricting access to the configuration modification functionality until a fix is available. As a temporary workaround, review and limit the Overall/Read access permissions to prevent unauthorized modifications to the Gerrit configuration.