29428 matches found
Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test
Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42523
The CVE-2026-42523 entry affects Jenkins GitHub Plugin up to version 1.46.0. The vulnerability arises because the plugin improperly processes the current job URL within JavaScript that validates the GitHub hook trigger for GITScm polling, enabling stored XSS. Impact is described as high/critical ...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
EUVD-2026-26225
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42522
The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...
EUVD-2026-26224
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
GHSA-5MFF-CXQ5-82JV vulnerabilities
Vulnerabilities for packages: firefox-esr...
Jenkins GitHub Plugin 跨站脚本漏洞
The Jenkins GitHub Plugin is an open-source plugin for Jenkins that provides integration with code hosting platforms for continuous integration systems. The Jenkins GitHub Plugin versions 1.46.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper...
PT-2026-35917
Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions prior to 1.46.1 Description Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...
PT-2026-35916
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
Jenkins GitHub Branch Source Plugin 安全漏洞
Jenkins GitHub Branch Source Plugin is an open-source plugin for Jenkins that provides continuous integration capabilities, enabling discovery of code hosting platforms and the selection of build branches. The Jenkins GitHub Branch Source Plugin versions 1967.vdead580c1aba and earlier contain...
Exploit for Command Injection in Github Enterprise_Server
ExploitCVE-2026-3854 CVE-2026-3854 is a Remote Code Executio...