
14 matches found

EUVD
added 2026/05/27 2:13 p.m. | 9 views

EUVD-2026-32516

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to trigger a build for a pull request...

CVSS 4.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/27 12:0 a.m. | 4 views

PT-2026-44018

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Integration Plugin versions prior to 0.7.4. Description: A cross-site request forgery (CSRF) flaw allows attackers to trigger a build for a pull request. CSRF is a type of attack that tricks a victim into submitting a malicious...

CVSS 4.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 4
CVE
added 2026/04/29 1:31 p.m. | 8 views

CVE-2026-42523

The CVE-2026-42523 entry affects Jenkins GitHub Plugin up to version 1.46.0. The vulnerability arises because the plugin improperly processes the current job URL within JavaScript that validates the GitHub hook trigger for GITScm polling, enabling stored XSS. Impact is described as high/critical ...

CVSS 9 | AI score 4.8 | EPSS 0.00049
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/04/29 12:0 a.m. | 5 views

Jenkins GitHub Plugin cross-site scripting vulnerability

The Jenkins GitHub Plugin is an open-source plugin for Jenkins that provides integration with code hosting platforms for continuous integration systems. The Jenkins GitHub Plugin versions 1.46.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper...

CVSS 9 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2784

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.0432
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-6379

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00249
Exploits: 0 | References: 10
VulnCheck KEV
added 2024/09/19 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2018-1000600

An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

CVSS 8.8 | AI score 5.8 | EPSS 0.93511
Exploits: 0 | References: 1
Prion
added 2023/10/25 6:17 p.m. | 17 views

Cross site scripting

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 4.9 | AI score 5.3 | EPSS 0.0432
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2023/02/08 6:41 p.m. | 2 views

plugin: Non-constant time webhook signature comparison in GitHub Plugin

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

CVSS 5.3 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 5
RedhatCVE
added 2022/08/19 5:39 a.m. | 50 views

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

CVSS 5.3 | AI score 4.1 | EPSS 0.00249
Exploits: 0 | References: 4
ATTACKERKB
added 2022/07/27 3:15 p.m. | 2 views

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

CVSS 5.3 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 3
NVD
added 2022/07/27 3:15 p.m. | 15 views

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

CVSS 5.3 | EPSS 0.00249
Exploits: 0 | References: 2
NVD
added 2018/06/26 5:29 p.m. | 9 views

CVE-2018-1000600

An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

CVSS 8.8 | AI score 8.5 | EPSS 0.93511
Exploits: 0 | References: 1
Cvelist
added 2018/06/05 8:0 p.m. | 13 views

CVE-2018-1000184

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 1