Jenkins Git Client Plugin Remote Code Execution (CVE-2019-10392)
A remote code execution vulnerability exists in Jenkins Git Client Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10414
The CVE affects Jenkins Git Changelog Plugin versions 2.17 and earlier. Credentials were stored unencrypted in job config.xml on the Jenkins master, exposing them to users with Extended Read permission or with access to the master file system. Practical impact is disclosure of sensitive credentia...
PT-2019-11808 · Jenkins · Jenkins Git Changelog Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Changelog Plugin versions 2.17 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, MediaWiki and Jira passwords...
Critical Photon OS Security Update - PHSA-2019-0196
Updates of 'oniguruma', 'ruby', 'git', 'libmspack', 'libxslt', 'subversion', 'libssh2' packages of Photon OS have been released...
EulerOS 2.0 SP3 : git (EulerOS-SA-2019-2028)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted...
CVE-2019-15000
The commit diff REST endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 t...
Command injection
The commit diff REST endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 t...
EulerOS 2.0 SP2 : git (EulerOS-SA-2019-1843)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted...
EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2019-1930)
According to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service memory...
Jenkins Git client plugin command execution vulnerability
Jenkins is an open source continuous integration tool developed in Java. The Git client plug-in provides a git application programming interface for Jenkins plug-ins. The Jenkins Git client plug-in has a command execution vulnerability, with Job/Configure privileges of...
EulerOS 2.0 SP5 : git (EulerOS-SA-2019-1917)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted...
Node.js third-party modules: [create-git] RCE via insecure command formatting
The create-git NPM module was vulnerable to command injection because some user-supplied inputs were concatenated without proper checks inside an exec call, which made it possible to execute arbitrary commands besides the git one used by the tool. The PoC resulted in: js...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...