164 matches found
go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...
The vulnerability of the args4j plugin for Jenkins’ Git server allows a hacker to read the first two lines of arbitrary files.
The vulnerability of the args4j library plugin for Jenkins’ Git server plugin is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to read the first two lines of arbitrary files...
Arbitrary File Read
Jenkins Git server Plugin is vulnerable to Information Disclosure. The vulnerability is caused due to a lack of proper input validation in the Git Server Plugin's command parser feature. This allows an attacker with Overall/Read permission to read content from arbitrary files on the Jenkins...
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
...
Maliciously crafted Git server replies can cause DoS on go-git clients
...
CVE-2024-23899
A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...
GHSA-VPH5-2Q33-7R9H Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...
CVE-2024-23899
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
CVE-2024-23899
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
Double free
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
CVE-2024-23899
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
CVE-2024-23899
Technical details about CVE-2024-23899 are not publicly available in the connected documents provided. The initial description contains some specifics, but no further technical root cause, affected versions, or fixes are confirmed here. Monitor for updates.
CVE-2024-23899
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
Jenkins Plugin Git server security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...
PT-2024-1425 · Jenkins +1 · Jenkins Git Server Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Git server Plugin versions 99.va 0826a b cdfa d and earlier Description: The issue is related to the command parser feature in the Jenkins Git server Plugin that replaces an '@' character followed by a file path in an argument with th...
CVE-2023-49568
A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients. Mitigation In cases where a bump to...
CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
Design/Logic Flaw
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...