3 matches found
GHSA-8XWJ-2WGH-GPRH Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
PT-2022-4996 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.3 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to insufficient authentication of requests. This allows attackers to trigger builds of jobs configured to use an...
PT-2021-14727 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.8.2 and earlier. Description: The issue arises from the failure to escape Git SHA-1 checksum parameters provided to commit notifications when displayed in a build cause, resulting in a stored cross-site scripting...