CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

CVE-2026-57285

CVE-2026-57285: A missing permission check in Jenkins GitHub Branch Source Plugin (versions 1967.1969.v205fd594c821 and earlier) allows users with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. Affected component: Jenkins Git...

EUVD-2026-38765

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2026-42522 via org.jenkins-ci.plugins:github-branch-source (>=1793.v1831e9c68d77 <=1967.vdea_d580c1a_b_a_)

org.jenkins-ci.plugins:github-branch-source MAVEN version =1793.v1831e9c68d77, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =634.v371dc6d978a3, =1.83.v5bff0e55cd2d, =4.204.vf74143795d5f, =611.v70d151e60ec4, =685.v53b070455063 - org.jenkins-ci.plugins:pipeline-github...

Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test

Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...

GHSA-WG26-8WMJ-CF9P Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test

Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

Jenkins GitHub Branch Source Plugin 安全漏洞

Jenkins GitHub Branch Source Plugin is an open-source plugin for Jenkins that provides continuous integration capabilities, enabling discovery of code hosting platforms and the selection of build branches. The Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier contain...

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

EUVD-2022-0718

Malicious code in bioql PyPI...

EUVD-2022-5509

Malicious code in bioql PyPI...

EUVD-2024-0341

Malicious code in bioql PyPI...

CVE-2024-23902

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...

The vulnerability of the Jenkins Bitbucket Branch Source Plugin, related to the disclosure of information through registration files, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins Bitbucket Branch Source Plugin is related to the disclosure of information through registration files. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2024-39460

A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket URL...

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the...