168 matches found
CVE-2018-1000110
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
Information disclosure
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
CVE-2017-1000092
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...
Default credentials
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...
CVE-2017-1000092
CVE-2017-1000092 concerns the Jenkins Git Plugin. A maliciously crafted Jenkins URL could cause the Git client to transmit credentials to an attacker-controlled server, enabling credential leakage via a CSRF-like scenario. The entry notes that an attacker with no Jenkins access but with knowledge...
jenkins-plugin-git: CSRF vulnerability allows capturing credentials (SECURITY-528)
The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...
CloudBees Jenkins Git Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the United States company CloudBees; it is mainly used to monitor continuous software release/testing projects and some timed tasks. Git Plugin is one of the plug-ins used to manage the...
CVE-2017-1000092
The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...
DEBIAN-CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
[SECURITY] [DSA 3275-1] fusionforge security update
Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq ...
FusionForge Git plugin is vulnerable
FusionForge is a collaborative team development environment; its main features include communication tools such as forums, news, etc., development tools such as bug tracking, project management, etc., and community tools such as file distribution, software classification, etc. Git is one o...
CVE-2015-0850
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...
Code injection
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...
CVE-2015-0850
The CVE-2015-0850 entry pertains to FusionForge’s Git plugin prior to 6.0rc4, where a vulnerability in the Git repository-creation parameter path allows remote arbitrary code execution. Affected component: FusionForge Git plugin (before 6.0rc4). Root cause: inadequate input handling when creating...
[SECURITY] [DSA 3275-1] fusionforge security update
Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq ...