PT-2022-26895 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 1251.va_b_121f184902 and earlier
Description: The Mercurial Plugin provides a webhook endpoint at "/mercurial/notifyCommit" that can be used to notify Jenkins of changes to an SCM repository. This endpoint...
PT-2022-5837 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.3 and earlier
Description: The webhook endpoint in Jenkins Git Plugin provides unauthenticated attackers with information about the existence of jobs configured to use an attacker-specified Git repository. Thi...
Stored XSS vulnerability in Jenkins Git Plugin
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to th...