br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-36883 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36883 Source advisory: OSV:GHSA-V878-67XW-GRW2...

Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

Insufficient Permission Check

Jenkins git plugin is vulnerable to an insufficient permission check. An unauthenticated attacker can trigger builds to a malicious GIT repository, changing the job configuration...

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVE-2022-36882

A cross-site request forgery CSRF vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-36882

A cross-site request forgery CSRF vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

Design/Logic Flaw

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

Design/Logic Flaw

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVE-2022-36884

CVE-2022-36884 affects Jenkins Git Plugin up to version 4.11.3, where the webhook endpoint may reveal to unauthenticated attackers whether a job is configured to use an attacker-specified Git repository. The impact is information disclosure about the existence of such jobs; there is no detail on ...

CVE-2022-36883

CVE-2022-36883 affects Jenkins Git Plugin prior to 4.11.4. A missing authorization check allows unauthenticated attackers to trigger builds for jobs using an attacker-specified Git repository and cause checkout of an attacker-specified commit. This can lead to exposure of sensitive information, m...

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVE-2022-36882

The CVE-2022-36882 entry documents a CSRF flaw in Jenkins Git Plugin 4.11.3 and earlier, enabling attackers to trigger builds for jobs that use an attacker-specified Git repository and to checkout an attacker-specified commit. Connected advisories (RHSA-2023) corroborate this issue among Jenkins-...

CVE-2022-36882

A cross-site request forgery CSRF vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

Jenkins Git Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-4996 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.3 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to insufficient authentication of requests. This allows attackers to trigger builds of jobs configured to use an...