48 matches found

CVE
added 6 days ago, 8 views

CVE-2026-57282

The CVE-2026-57282 entry applies to Jenkins Git client Plugin versions 6.6.0 and earlier. The issue is improper escaping of the workspace directory name when inserted into a generated SSH wrapper script, enabling an attacker who can control the build’s working directory name to execute arbitrary ...

CVSS 5, AI score 6.2, EPSS 0.00207
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/12/10 4:50 p.m., 7 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

AI score 6.6, EPSS 0.00179
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 26 views

EUVD-2022-5132

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.1, EPSS 0.01145
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-6299

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.5, EPSS 0.0058
Exploits 0, References 7
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2022-2769

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00853
Exploits 0, References 7
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-3953

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.01197
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-6223

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00836
Exploits 0, References 8
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2022-6582

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00781
Exploits 0, References 5
RedhatCVE
added 2025/05/22 10:51 p.m., 8 views

CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

CVSS 7.5, AI score 6.1, EPSS 0.01191
Exploits 0, References 1
RedHat Linux
added 2023/01/12 4:49 p.m., 13 views

plugin: Lack of authentication mechanism in Git Plugin webhook

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 7.5, AI score 5.8, EPSS 0.05454
Exploits 0, References 5
BDU FSTEC
added 2022/12/14 12:00 a.m., 4 views

The vulnerability of the Webhook Endpoint component of the Jenkins Git Plugin, related to the disclosure of information, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Webhook Endpoint component of the Jenkins Git Plugin relates to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 7.5, AI score 5.9, EPSS 0.00836
Exploits 0, References 5, Affected Software 1
BDU FSTEC
added 2022/10/12 12:00 a.m., 6 views

The vulnerability of the Build Handler component of the Jenkins Git plugin allows a perpetrator to perform arbitrary actions on a vulnerable device.

The vulnerability of the Build Handler component in the Jenkins Git plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device by manipulating the requests made...

CVSS 6.4, AI score 7.7, EPSS 0.0058
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2022/08/23 5:15 p.m., 3 views

CVE-2022-38663

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...

CVSS 6.5, AI score 5.8, EPSS 0.00781
Exploits 0, References 3
Prion
added 2022/08/23 5:15 p.m., 16 views

Default credentials

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...

CVSS 4, AI score 6.4, EPSS 0.00781
Exploits 0, References 2, Affected Software 1
vulnersOsv
added 2022/07/28 12:00 a.m., 8 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-36883 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36883 Source advisory: OSV:GHSA-V878-67XW-GRW2...

CVSS 7.5, AI score 7.1, EPSS 0.05454
Exploits 0
vulnersOsv
added 2022/07/28 12:00 a.m., 4 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-36884 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36884 Source advisory: OSV:GHSA-449W-C77C-VMF6...

CVSS 5.3, AI score 6, EPSS 0.00836
Exploits 0
NVD
added 2022/07/27 3:15 p.m., 16 views

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVSS 5.3, EPSS 0.00836
Exploits 0, References 2
ATTACKERKB
added 2022/07/27 3:15 p.m., 6 views

CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 8.8, AI score 5.6, EPSS 0.0058
Exploits 0, References 3
Prion
added 2022/07/27 3:15 p.m., 27 views

Design/Logic Flaw

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 5, AI score 7.4, EPSS 0.05454
Exploits 0, References 2, Affected Software 1
AlpineLinux
added 2022/07/27 2:20 p.m., 39 views

CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

CVSS 8.8, AI score 4.4, EPSS 0.0058
Exploits 0, References 2