2 matches found
CVE-2017-1000091
GitHub Branch Source Plugin connects to a user-specified GitHub API URL e.g. GitHub Enterprise as part of form validation and completion e.g. to verify Scan Credentials are correct. This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect...
CVE-2017-1000091
The CVE-2017-1000091 entry concerns the Jenkins GitHub Branch Source Plugin, where form validation against a user-specified GitHub API URL allowed unauthorized credential access. The root cause is improper permission checks that let any user with Overall/Read access connect to a web server and se...