Lucene search

92 matches found

CVE
added 2025/12/10 4:50 p.m., 17 views

CVE-2025-67640

Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...

CVSS 5 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/10 12:00 a.m., 6 views

Jenkins plugin Git client security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 5 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/10 12:00 a.m., 8 views

PT-2025-50358

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.4.0 and earlier. Description: The Jenkins Git client Plugin does not properly escape the path to the workspace directory when creating a temporary shell script. This allows attackers who can control the...

CVSS 5 | AI score 7.1 | EPSS 0.00179
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/10 12:00 a.m., 10 views

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

CVSS 8 | AI score 5.9 | EPSS 0.0029
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-26516

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00288
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m., 11 views

EUVD-2022-6320

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.9 | EPSS 0.00783
Exploits: 0 | References: 8

NVD
added 2025/09/22 8:15 p.m., 29 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | EPSS 0.00202
Exploits: 0 | References: 2

Snyk
added 2025/09/22 7:45 p.m., 5 views

Arbitrary Argument Injection

Overview: @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...

CVSS 5.7 | AI score 7.1 | EPSS 0.00202
Exploits: 0 | References: 2

Cvelist
added 2025/09/22 7:14 p.m., 13 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | EPSS 0.00202
Exploits: 0 | References: 2

vulnersOsv
added 2025/09/22 6:01 p.m., 8 views

@akala/semantic-release (>=2.0.11 <=3.0.62), @blinkbooks/types (>=1.0.5 <=1.0.43) +32 more potentially affected by CVE-2025-59433 via @conventional-changelog/git-client (=1.0.1)

@conventional-changelog/git-client NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @conventional-changelog/git-client and may be impacted: - @akala/semantic-release =2.0.11, =1.0.5, =4.0.0, =1.19.0, =2.10.0, =1.0.0, =1.0.0, =11.0.0,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00202
Exploits: 0

Github Security Blog
added 2025/09/22 6:01 p.m., 8 views

@conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation: This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library, getRawCommits, there are secure practices taken to ensure that the extra parameter path is unable to inje...

CVSS 5.3 | AI score 7.5 | EPSS 0.00202
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/09/05 3:22 p.m., 4 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3 | AI score 6.8 | EPSS 0.00288
Exploits: 0 | References: 1

Snyk
added 2025/09/03 3:30 p.m., 5 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview: org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...

CVSS 5.3 | AI score 7 | EPSS 0.00288
Exploits: 0 | References: 2

vulnersOsv
added 2025/09/03 3:30 p.m., 7 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +148 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-58458 Source advisory: OSV:GHSA-G2PQ-9JR7-W6GV...

CVSS 4.3 | AI score 5.8 | EPSS 0.00288
Exploits: 0

vulnersOsv
added 2025/09/03 3:30 p.m., 14 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.45.0) +35 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =718.v40b5f0e67cd3,...

CVSS 4.3 | AI score 5.4 | EPSS 0.00288
Exploits: 0

Github Security Blog
added 2025/09/03 3:30 p.m., 7 views

Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVSS 4.3 | AI score 6.8 | EPSS 0.00288
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/09/03 3:30 p.m., 5 views

GHSA-G2PQ-9JR7-W6GV Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVSS 4.3 | AI score 6.8 | EPSS 0.00288
Exploits: 0 | References: 5

AlpineLinux
added 2025/09/03 3:15 p.m., 6 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3 | AI score 6.5 | EPSS 0.00288
Exploits: 0 | References: 2

NVD
added 2025/09/03 3:15 p.m., 7 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3 | EPSS 0.00288
Exploits: 0 | References: 2

OSV
added 2025/09/03 3:15 p.m., 7 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 2