109 matches found
The vulnerability of the Jenkins GitLab Branch Source Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to confidential information.
The vulnerability of the Jenkins GitLab Branch Source Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential information...
The vulnerability of the Jenkins GitLab Branch Source Plugin, related to the manipulation of cross-site requests, allows a perpetrator to perform CSRF attacks.
The vulnerability of the Jenkins GitLab Branch Source Plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the Jenkins GitLab Branch Source Plugin, related to access control deficiencies, allows attackers to configure and jointly use arbitrary projects.
The vulnerability of the Jenkins GitLab Branch Source Plugin is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to configure and jointly use arbitrary projects...
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not use a constant-time comparison function when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. GitLab...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Information disclosure
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23903
CVE-2024-23903 affects Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier, which uses a non-constant time comparison for validating webhook tokens. This non-constant-time check can enable attackers to infer a valid webhook token via statistical analysis. The connected GitHub advi...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23901
The CVE concerns Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier. The vulnerability is that the plugin unconditionally discovers projects shared with the configured owner group, enabling attackers to configure and share a project, which can cause Jenkins to build a cr...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
Jenkins Plugin GitLab Branch Source Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...