Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github_branch_source | eq | <= 684.veafa7c1e2fe3 |