168 matches found

Positive Technologies
added 2022/05/17 12:0 a.m. · 1 views

PT-2022-20401 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.1 and earlier
Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...

CVSS 7.5 · AI score 7.1 · EPSS 0.00256
Exploits: 0 · References: 11

CNNVD
added 2022/05/17 12:0 a.m. · 2 views

Jenkins Git Plugin information disclosure vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.00256
Exploits: 0 · References: 4

Github Security Blog
added 2022/05/14 3:13 a.m. · 19 views

Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 6.4 · AI score 4.9 · EPSS 0.00039
Exploits: 0 · References: 4 · Affected Software: 1

vulnersOsv
added 2022/05/14 3:13 a.m. · 0 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2018-1000182 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.0)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2018-1000182 Source advisory: OSV:GHSA-53WF-VQF9-CGF2...

CVSS 6.4 · AI score 6.7 · EPSS 0.00039
Exploits: 0

OSV
added 2022/05/14 3:13 a.m. · 2 views

GHSA-53WF-VQF9-CGF2 Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 6.4 · AI score 5.9 · EPSS 0.00039
Exploits: 0 · References: 4

Github Security Blog
added 2022/05/14 1:6 a.m. · 18 views

Cross-Site Request Forgery in Jenkins Git Plugin

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...

CVSS 4.3 · AI score 4.9 · EPSS 0.00651
Exploits: 0 · References: 6 · Affected Software: 1

vulnersOsv
added 2022/05/14 1:6 a.m. · 1 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2019-1003010 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.1)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-1003010 Source advisory: OSV:GHSA-R8RW-XX57-M64Q...

CVSS 4.3 · AI score 6.5 · EPSS 0.00651
Exploits: 0

OSV
added 2022/05/14 1:6 a.m. · 0 views

GHSA-R8RW-XX57-M64Q Cross-Site Request Forgery in Jenkins Git Plugin

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...

CVSS 4.3 · AI score 6.7 · EPSS 0.00651
Exploits: 0 · References: 5

OSV
added 2022/05/13 1:48 a.m. · 21 views

GHSA-46P2-FWQG-3H6M Incorrect Authorization in Jenkins Git Plugin

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...

CVSS 5.3 · AI score 5.3 · EPSS 0.11087
Exploits: 2 · References: 4

Github Security Blog
added 2022/05/13 1:48 a.m. · 25 views

Incorrect Authorization in Jenkins Git Plugin

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...

CVSS 5.3 · AI score 5.5 · EPSS 0.11087
Exploits: 2 · References: 4 · Affected Software: 1

vulnersOsv
added 2022/05/13 1:48 a.m. · 1 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +90 more potentially affected by CVE-2018-1000110 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.6.0)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2018-1000110 Source advisory: OSV:GHSA-46P2-FWQG-3H6M...

CVSS 5.3 · AI score 6.4 · EPSS 0.11087
Exploits: 2

Veracode
added 2022/03/27 12:41 a.m. · 17 views

Cross-site Scripting (XSS)

Jenkins Git Plugin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause...

CVSS 6.1 · AI score 2.2 · EPSS 0.006
Exploits: 0 · References: 5 · Affected Software: 1

RedHat Linux
added 2022/03/10 2:59 p.m. · 0 views

jenkins-2-plugins/git: stored XSS vulnerability

A stored cross-site scripting XSS vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...

CVSS 6.1 · AI score 6.9 · EPSS 0.006
Exploits: 0 · References: 5

Tenable Nessus
added 2021/11/19 12:0 a.m. · 23 views

Jenkins Git Plugin < 4.8.3 XSS

According to its self-reported version number, the version of the Jenkins Git Plugin running on the remote web server is prior to 4.8.3. It is, therefore, affected by a cross-site scripting vulnerability due to it not escaping the Git SHA-1 checksum parameters provided to commit notifications...

CVSS 6.1 · AI score 6.3 · EPSS 0.006
Exploits: 0 · References: 2

RedhatCVE
added 2021/10/07 8:4 p.m. · 46 views

CVE-2021-21684

A stored cross-site scripting XSS vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...

CVSS 6.1 · AI score 2.5 · EPSS 0.006
Exploits: 0 · References: 4

NVD
added 2021/10/06 11:15 p.m. · 10 views

CVE-2021-21684

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

CVSS 6.1 · EPSS 0.006
Exploits: 0 · References: 2

OSV
added 2021/10/06 11:15 p.m. · 25 views

CVE-2021-21684

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

CVSS 6.1 · AI score 5.3
Exploits: 0 · References: 2

CVE
added 2021/10/06 10:10 p.m. · 129 views

CVE-2021-21684

CVE-2021-21684 affects Jenkins Git Plugin 4.8.2 and earlier. The stored XSS arises because Git SHA-1 checksum parameters are not escaped when displayed in a build cause, enabling crafted commit notifications (via /git/notifyCommit) to inject scripts. The issue is mitigated by upgrading to Jenkins...

CVSS 6.1 · AI score 5.7 · EPSS 0.006
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/10/06 12:0 a.m. · 2 views

PT-2021-14727 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.8.2 and earlier
Description: The issue arises from the failure to escape Git SHA-1 checksum parameters provided to commit notifications when displayed in a build cause, resulting in a stored cross-site scripting...

CVSS 6.1 · AI score 5.8 · EPSS 0.006
Exploits: 0 · References: 8

CNNVD
added 2021/10/06 12:0 a.m. · 2 views

Jenkins cross-site scripting vulnerability

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Git Plugin 4.8.2 and earlier versions that stems from not bypassin...

CVSS 6.1 · AI score 6.4 · EPSS 0.006
Exploits: 0 · References: 12