RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

EUVD-2025-202456

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin...

Jenkins plugin Git client 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

EUVD-2025-26516

Malicious code in bioql PyPI...

EUVD-2022-6320

Malicious code in bioql PyPI...

GHSA-G2PQ-9JR7-W6GV Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

The CVE-2025-58458 entry concerns the Jenkins Git client Plugin (versions 6.3.2 and earlier, excluding 6.1.4 and 6.2.1). The root cause is inconsistent validation of the Git URL field when using the amazon-s3 protocol with JGit, where the response depends on whether the specified file path exists...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

PT-2025-35780

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...