39 matches found
CVE-2022-36881
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...
CVE-2022-36881
CVE-2022-36881 affects Jenkins Git client plugin and is disclosed across multiple sources (including GHSA and OSV). The issue: Git client plugin 3.11.0 and older does not perform SSH host key verification when connecting to Git repositories over SSH, enabling Man-in-the-Middle attacks. Impact des...
Jenkins Git client Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-5835 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 3.11.0 and earlier. Description: The issue is related to the lack of SSH host key verification when connecting to Git repositories via SSH, which enables man-in-the-middle attacks. This is due to shortcomings...
GHSA-HW6X-2QWV-RXR7 Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Insecure temporary file usage in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
jenkins-git-client-plugin: OS command injection via 'git ls-remote'
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Jenkins Git client plugin command execution vulnerability
Jenkins is an open source software project, a continuous integration tool developed in Java. The Git client plug-in for Jenkins provides a Git application programming interface. The Jenkins Git client plug-in has a command execution vulnerability, with Job/Configure privileges of...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
CVE-2019-10392
CVE-2019-10392 affects Jenkins Git Client Plugin (versions ≤2.8.4 and 3.0.0-rc): improper restriction of values passed to git ls-remote enables OS command injection. Exploitation details are present in a public exploit repository (GitHub). NVD CVSSv3.1 base score 8.8 (HIGH). Connected advisories ...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
PT-2019-11786 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Client Plugin versions 2.8.4 and earlier; Jenkins Git Client Plugin version 3.0.0-rc. Description: The issue results from improper restriction of values passed as URL arguments to an invocation of git ls-remote, leading to OS comman...
CloudBees Jenkins Git Client Plugin Information Disclosure Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. Git...
CVE-2017-1000242
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
CVE-2017-1000242
CVE-2017-1000242 affects Jenkins Git Client Plugin 2.4.2 and earlier, where temporary files are created with insecure permissions, enabling information disclosure. The known impact is information leakage due to insecure file permissions; exploitation details are not provided in the available docu...
CVE-2017-1000242
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...