CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVE-2025-67640

Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

PT-2025-50358

Name of the Vulnerable Software and Affected Versions Jenkins Git client Plugin versions 6.4.0 and earlier Description The Jenkins Git client Plugin does not properly escape the path to the workspace directory when creating a temporary shell script. This allows attackers who can control the...

EUVD-2022-6320

Malicious code in bioql PyPI...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +148 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-58458 Source advisory: OSV:GHSA-G2PQ-9JR7-W6GV...

The vulnerability of the SSH Host Key Verification component of the Jenkins Git Client Plugin allows a perpetrator to execute a “man-in-the-middle” type attack.

The vulnerability of the SSH Host Key Verification component in the Jenkins Git Client Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack remotely...

GHSA-CM7J-P8HC-97VJ Jenkins Git client plugin 3.11.0 does not perform SSH host key verification

Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meet...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +122 more potentially affected by CVE-2017-1000242 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=2.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2017-1000242 Source advisory: OSV:GHSA-FCXW-HHXQ-48WX...