106 matches found
The vulnerability of the Jenkins GitLab Branch Source Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to confidential information.
The vulnerability of the Jenkins GitLab Branch Source Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential information...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
Information disclosure
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23903
CVE-2024-23903 affects Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier, which uses a non-constant time comparison for validating webhook tokens. This non-constant-time check can enable attackers to infer a valid webhook token via statistical analysis. The connected GitHub advi...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2024-23902
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2024-23901
The CVE concerns Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier. The vulnerability is that the plugin unconditionally discovers projects shared with the configured owner group, enabling attackers to configure and share a project, which can cause Jenkins to build a cr...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
PT-2024-1426 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token are equal. This...
PT-2024-1424 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to insufficient access control in the Jenkins GitLab Branch Source Plugin. This allows attackers to configure and share a project,...
[SECURITY] Fedora 38 Update: rust-gst-plugin-reqwest-0.11.1-2.fc38
GStreamer reqwest HTTP Source Plugin...
[SECURITY] Fedora 39 Update: rust-gst-plugin-reqwest-0.11.1-2.fc39
GStreamer reqwest HTTP Source Plugin...