Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +9 more potentially affected by CVE-2026-42522 via org.jenkins-ci.plugins:github-branch-source (>=1793.v1831e9c68d77 <=1967.vdea_d580c1a_b_a_)

org.jenkins-ci.plugins:github-branch-source MAVEN version =1793.v1831e9c68d77, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =634.v371dc6d978a3, =1.83.v5bff0e55cd2d, =4.204.vf74143795d5f, =611.v70d151e60ec4, =685.v53b070455063 Source cves: CVE-2026-42522 Source advisory:...

GHSA-WG26-8WMJ-CF9P Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test

Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...

Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test

Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

Jenkins GitHub Branch Source Plugin 安全漏洞

Jenkins GitHub Branch Source Plugin is an open-source plugin for Jenkins that provides continuous integration capabilities, enabling discovery of code hosting platforms and the selection of build branches. The Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier contain...

EUVD-2022-5509

Malicious code in bioql PyPI...

EUVD-2022-0718

Malicious code in bioql PyPI...

EUVD-2024-0341

Malicious code in bioql PyPI...

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2024-39460

A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket URL...

GHSA-X8MF-JCMF-R79F Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the...

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the...

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2024-39460 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2024-39460 Source advisory: OSV:GHSA-X8MF-JCMF-R79F...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases...

CVE-2024-39460

Summary: CVE-2024-39460 affects Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier. In certain cases it prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log, exposing credentials. The OSV entry notes that plugin 887.va_d359b_3d2d8d does not inclu...

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases...