Git Client Security Vulnerabilities

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle...

CVSS 8.1, AI Score 7.8, EPSS 0.002

2022-07-27 03:15 PM

CVE-2020-26233

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and....

CVSS 7.3, AI Score 7, EPSS 0.001

2020-12-08 08:15 PM

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...

CVSS 9.8, AI Score 9.1, EPSS 0.944

2020-02-12 02:15 AM

CVE-2019-10392

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command...

CVSS 8.8, AI Score 8.8, EPSS 0.947

2019-09-12 02:15 PM

CVE-2018-1000021

GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a....

CVSS 8.8, AI Score 8.4, EPSS 0.002

2018-02-09 11:29 PM

CVE-2017-1000242

Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions resulting in information...

CVSS 3.3, AI Score 3.8, EPSS 0.0004

2017-11-01 01:29 PM

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted...

CVSS 7.5, AI Score 7.4, EPSS 0.001

2017-10-05 01:29 AM

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone,....

CVSS 8.8, AI Score 8.7, EPSS 0.009

2016-11-03 10:59 AM