86 matches found

BDU FSTEC
added 2024/11/26 12:0 a.m. · 2 views

The vulnerability of the SourceTree visual Git client, related to improper code generation management, allows a hacker to execute arbitrary code.

The vulnerability of the visual Git client SourceTree is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8 · EPSS 0.00714
Exploits: 0 · References: 4 · Affected Software: 1

RedHat Linux
added 2023/01/12 4:49 p.m. · 2 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

CVSS 8.1 · AI score 7.2 · EPSS 0.00773
Exploits: 0 · References: 6

BDU FSTEC
added 2022/12/14 12:0 a.m. · 2 views

The vulnerability of the SSH Host Key Verification component of the Jenkins Git Client Plugin allows a perpetrator to execute a “man-in-the-middle” type attack.

The vulnerability of the SSH Host Key Verification component in the Jenkins Git Client Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack remotely...

CVSS 4.8 · AI score 7.5 · EPSS 0.00773
Exploits: 0 · References: 5 · Affected Software: 1

RedHat Linux
added 2022/11/23 5:59 p.m. · 4 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

CVSS 8.1 · AI score 7.2 · EPSS 0.00773
Exploits: 0 · References: 6

RedHat Linux
added 2022/11/17 10:52 p.m. · 4 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

CVSS 8.1 · AI score 7.2 · EPSS 0.00773
Exploits: 0 · References: 6

RedhatCVE
added 2022/08/03 8:40 a.m. · 45 views

CVE-2022-36881

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

CVSS 8.1 · AI score 3.2 · EPSS 0.00773
Exploits: 0 · References: 5

vulnersOsv
added 2022/07/28 12:0 a.m. · 3 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +135 more potentially affected by CVE-2022-36881 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=3.0.0-rc)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36881 Source advisory: OSV:GHSA-CM7J-P8HC-97VJ...

CVSS 8.1 · AI score 7.2 · EPSS 0.00773
Exploits: 0

OSV
added 2022/07/28 12:0 a.m. · 0 views

GHSA-CM7J-P8HC-97VJ Jenkins Git client plugin 3.11.0 does not perform SSH host key verification

Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meet...

CVSS 4.8 · AI score 5.9 · EPSS 0.00773
Exploits: 0 · References: 5

NVD
added 2022/07/27 3:15 p.m. · 19 views

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...

CVSS 8.1 · EPSS 0.00773
Exploits: 0 · References: 2

OSV
added 2022/07/27 3:15 p.m. · 26 views

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...

CVSS 8.1 · AI score 8
Exploits: 0 · References: 2

CVE
added 2022/07/27 2:20 p.m. · 138 views

CVE-2022-36881

CVE-2022-36881 affects Jenkins Git client plugin and is disclosed across multiple sources (including GHSA and OSV). The issue: Git client plugin 3.11.0 and older does not perform SSH host key verification when connecting to Git repositories over SSH, enabling Man-in-the-Middle attacks. Impact des...

CVSS 8.1 · AI score 7.8 · EPSS 0.00773
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/07/27 12:0 a.m. · 12 views

Jenkins Git client Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.1 · AI score 7.7 · EPSS 0.00773
Exploits: 0 · References: 9

Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-5835 · Jenkins · Jenkins Git Client Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 3.11.0 and earlier Description: The issue is related to the lack of SSH host key verification when connecting to Git repositories via SSH, which enables man-in-the-middle attacks. This is due to shortcomings...

CVSS 8.1 · AI score 7.9 · EPSS 0.00773
Exploits: 0 · References: 10

vulnersOsv
added 2022/05/24 4:55 p.m. · 3 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +135 more potentially affected by CVE-2019-10392 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=2.7.7)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-10392 Source advisory: OSV:GHSA-HW6X-2QWV-RXR7...

CVSS 8.8 · AI score 7.2 · EPSS 0.25587
Exploits: 1

OSV
added 2022/05/24 4:55 p.m. · 32 views

GHSA-HW6X-2QWV-RXR7 Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

CVSS 8.8 · AI score 8.8 · EPSS 0.25587
Exploits: 1 · References: 4

Github Security Blog
added 2022/05/24 4:55 p.m. · 28 views

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

CVSS 8.8 · AI score 3.4 · EPSS 0.25587
Exploits: 1 · References: 5 · Affected Software: 1

vulnersOsv
added 2022/05/17 12:21 a.m. · 2 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +122 more potentially affected by CVE-2017-1000242 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=2.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2017-1000242 Source advisory: OSV:GHSA-FCXW-HHXQ-48WX...

CVSS 3.3 · AI score 5.8 · EPSS 0.00379
Exploits: 0

Github Security Blog
added 2022/05/17 12:21 a.m. · 17 views

Insecure temporary file usage in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

CVSS 3.3 · AI score 1 · EPSS 0.00379
Exploits: 0 · References: 5 · Affected Software: 1

Rapid7 Blog
added 2021/09/03 4:30 p.m. · 75 views

Metasploit Wrap-Up

Capture Credentials with our new SMB Server: Our own Adam Galway revamped the old SMB capture module and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to @zeroSteiner's new RubySMB server implementation. Metasploit is now able to capture NTLM hashes from...

CVSS 7.2 · AI score 8.2 · EPSS 0.94622
Exploits: 21

RedhatCVE
added 2020/04/01 11:1 a.m. · 42 views

CVE-2019-10392

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

CVSS 8.8 · AI score 8.4 · EPSS 0.25587
Exploits: 1 · References: 4