Lucene search
K

92 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.7 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.6 views

EUVD-2026-38762

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS6.2AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS6.2AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51792

Name of the Vulnerable Software and Affected Versions Jenkins Git client Plugin versions prior to 6.6.1 Description An issue exists where the workspace directory name is not correctly escaped when embedded into a generated SSH wrapper script. This allows attackers who can control the name of a...

5CVSS6.1AI score0.00207EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Jenkins plugins Multiple Vulnerabilities (2026-06-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

8.8CVSS6.2AI score0.25779EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.10.41 (RHSA-2022:7865)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7865 advisory. - jenkins-plugin: Man-in-the-Middle MitM in org.jenkins-ci.plugins:git-client CVE-2022-36881 Note that Nessus has not tested for this issue b...

8.1CVSS7.3AI score0.00783EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

5CVSS7AI score0.00179EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 5:8 a.m.6 views

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

5CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/12/13 4:48 a.m.6 views

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

4.3CVSS6.9AI score0.00288EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.9 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +150 more potentially affected by CVE-2025-67640 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-67640 Source advisory: OSV:GHSA-V8HG-M323-JVJQ...

5CVSS5.8AI score0.00179EPSS
Exploits0
Snyk
Snyk
added 2025/12/10 6:30 p.m.3 views

Command Injection

Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Command Injection due to improper escaping of command arguments when generating temporary credential. An attacker can execute arbitrary operating system commands by...

6.3CVSS7.9AI score0.00179EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.11 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.46.0.1) +37 more potentially affected by CVE-2025-67640 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =679.v74133dab435a and more...

5CVSS5.4AI score0.00179EPSS
Exploits0
EUVD
EUVD
added 2025/12/10 6:30 p.m.7 views

EUVD-2025-202456

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin...

5CVSS7.2AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 6:30 p.m.3 views

GHSA-V8HG-M323-JVJQ Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

5CVSS5.9AI score0.00179EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.13 views

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

5CVSS7AI score0.00179EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/10 5:15 p.m.14 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

5CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 4:50 p.m.17 views

CVE-2025-67640

Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...

5CVSS6.6AI score0.00179EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/10 4:50 p.m.29 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

0.00179EPSS
Exploits0References1
Rows per page
Query Builder