Lucene search
K

841 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.12 views

Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...

9CVSS5.9AI score0.00281EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/29 2:16 p.m.6 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

9CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

4.8AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.33 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 1:31 p.m.50 views

CVE-2026-42519

The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

5.2AI score0.00174EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/29 1:31 p.m.7 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

Jenkins GitHub Branch Source Plugin 安全漏洞

Jenkins GitHub Branch Source Plugin is an open-source plugin for Jenkins that provides continuous integration capabilities, enabling discovery of code hosting platforms and the selection of build branches. The Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier contain...

4.3CVSS5.9AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35913

A missing permission check in Jenkins Script Security Plugin 1399.ve6a 66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35917

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions prior to 1.46.1 Description Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...

9CVSS6AI score0.00281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.7 views

CVE-2023-40344

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.6AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.14 views

CVE-2022-27205

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS6.5AI score0.00734EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.17 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3CVSS6.2AI score0.00691EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.14 views

CVE-2019-16567

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00647EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 5:15 a.m.8 views

Missing Authorization Checks

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to missing authorization checks. The vulnerability is due to a missing permission check when accessing credential-related functionality, which allows an attacker with Overall/Read permission to enumerate credential IDs stored in Jenkins...

4.3CVSS6.7AI score0.00245EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 4:54 a.m.7 views

Authorization Bypass

Jenkins global-build-stats Plugin is vulnerable to Authorization Bypass. The vulnerability is due to missing permission checks in REST API endpoints, where the plugin exposes graph-related APIs without validating the caller’s authorization, and allows attackers with Overall/Read permission to...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.4 views

CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3CVSS6.6AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.5 views

CVE-2025-64148

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.5AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 3:31 p.m.6 views

EUVD-2025-36662

Jenkins Themis Plugin is missing a permission check...

4.3CVSS6.2AI score0.00269EPSS
Exploits0References3
Rows per page
Query Builder