Git Security Vulnerabilities and Issues — Git CVE List

Lucene search

JenkinsGit

11 matches found

CVE•added 2022/07/27 3:15 p.m.•332 views

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

7.5CVSS7.3AI score0.76213EPSS

CVE•added 2020/03/09 4:15 p.m.•124 views

CVE-2020-2136

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

5.4CVSS5.3AI score0.00083EPSS

CVE•added 2021/10/06 11:15 p.m.•104 views

CVE-2021-21684

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.

6.1CVSS5.7AI score0.00383EPSS

CVE•added 2022/07/27 3:15 p.m.•103 views

CVE-2022-36882

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

8.8CVSS8.4AI score0.00447EPSS

CVE•added 2022/07/27 3:15 p.m.•102 views

CVE-2022-36884

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.

5.3CVSS5.3AI score0.00515EPSS

CVE•added 2022/08/23 5:15 p.m.•100 views

CVE-2022-38663

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.

6.5CVSS6.3AI score0.017EPSS

CVE•added 2022/05/17 3:15 p.m.•94 views

CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

7.5CVSS7.3AI score0.01143EPSS

CVE•added 2019/02/06 4:29 p.m.•78 views

CVE-2019-1003010

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.

4.3CVSS4.3AI score0.0069EPSS

CVE•added 2018/06/05 8:29 p.m.•76 views

CVE-2018-1000182

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a spe...

6.4CVSS6.2AI score0.00039EPSS

CVE•added 2017/10/05 1:29 a.m.•74 views

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins...

7.5CVSS7.4AI score0.00147EPSS

CVE•added 2018/03/13 1:29 p.m.•59 views

CVE-2018-1000110

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

5.3CVSS5AI score0.12984EPSS