CVE-2018-1000111

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.10.2 and earlier

Description: An improper authorization issue exists that allows an attacker with network access to obtain a list of nodes and users. This is due to a problem in SubversionStatus.java and SubversionRepositoryStatus.java. The issue is resolved in version 2.10.3, where the class handling requests to "/subversion/" no longer extends the class handling requests to the "/search/" sub-path, causing such requests to fail.

Recommendations: For Jenkins Subversion Plugin versions 2.10.2 and earlier, update to version 2.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /subversion/ endpoint and the SubversionStatus.java and SubversionRepositoryStatus.java classes until a patch is applied.