11 matches found

CVE-2022-36883
Added 2022/07/27 2:21 p.m., 404 views

CVE-2022-36883 affects Jenkins Git Plugin versions prior to 4.11.4. A missing authorization check allows unauthenticated attackers to trigger builds of jobs that use an attacker-specified Git repository and to have them check out an attacker-specified commit. This can lead to exposure of sensitive information, m...

CVSS 7.5, AI score 7.3, EPSS 0.05454
CVE-2020-2136
Added 2020/03/09 3:00 p.m., 145 views

CVE-2020-2136 affects Jenkins Git Plugin 4.2.0 and earlier: a stored cross-site scripting (XSS) vulnerability in the error message shown for the Microsoft TFS repository URL during form validation. Root cause: the error message handling does not escape the URL input. Impact: potential UI-based XSS i...

CVSS 5.4, AI score 5.3, EPSS 0.00853
CVE-2021-21684
Added 2021/10/06 10:10 p.m., 143 views

CVE-2021-21684 affects Jenkins Git Plugin 4.8.2 and earlier. The stored XSS arises because Git SHA-1 checksum parameters are not escaped when displayed in a build cause, so crafted commit notifications (via /git/notifyCommit) can inject scripts. The issue is mitigated by upgrading to Jenkins...

CVSS 6.1, AI score 5.7, EPSS 0.01197
CVE-2022-36882
Added 2022/07/27 2:20 p.m., 135 views

The CVE-2022-36882 entry documents a cross-site request forgery (CSRF) flaw in Jenkins Git Plugin 4.11.3 and earlier that lets attackers trigger builds of jobs that use an attacker-specified Git repository and check out an attacker-specified commit. Connected advisories (RHSA-2023) corroborate this issue among Jenkins-...

CVSS 8.8, AI score 8.4, EPSS 0.0058
CVE-2022-36884
Added 2022/07/27 2:21 p.m., 128 views

CVE-2022-36884 affects Jenkins Git Plugin 4.11.3 and earlier, where the webhook endpoint may reveal to unauthenticated attackers whether a job is configured to use an attacker-specified Git repository. The impact is disclosure of whether such jobs exist; there is no detail on ...

CVSS 5.3, AI score 5.3, EPSS 0.00836
CVE-2022-38663
Added 2022/08/23 4:45 p.m., 121 views

Affected software: Jenkins Git Plugin 4.11.4 and earlier. Vulnerability: credentials supplied through the Git Username and Password (gitUsernamePassword) credentials binding are not properly masked in the build log, potentially exposing them. Root cause: improper handling/masking of credentials in the plug...

CVSS 6.5, AI score 6.3, EPSS 0.00781
CVE-2022-30947
Added 2022/05/17 2:06 p.m., 116 views

CVE-2022-30947 affects Jenkins Git Plugin 4.11.1 and earlier. The vulnerability allows an attacker who can configure pipelines to make the plugin check out SCM repositories stored on the Jenkins controller's filesystem by using local paths as SCM URLs. This can lead to information disclo...

CVSS 7.5, AI score 7.3, EPSS 0.01191
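The CVE-2022-30947 entry above turns on one input-validation question: does an SCM URL name a network remote, or a path on the controller's own disk? The function below is an added illustration of such a check, written for this page; it is not the Git Plugin's fix and does not reproduce plugin code. It accepts http(s)/ssh/git URLs and git's scp-like `user@host:path` form, and rejects `file:` URLs, absolute or relative paths and Windows drive letters. The sample URL list in `__main__` is constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Schemes that name a network remote. "file", an unknown scheme, or no
# scheme at all can only resolve against the controller's own filesystem.
REMOTE_SCHEMES = {"http", "https", "ssh", "git", "git+ssh", "ssh+git"}

# Windows drive-letter paths such as C:\Jenkins\secrets. Checked first,
# because "C:" would otherwise be mistaken for an scp-style host.
WINDOWS_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")

# git's scp-like syntax: [user@]host:path, with no "//" after the colon.
SCP_LIKE = re.compile(r"^(?:[\w.-]+@)?[\w.-]+:(?!//)\S*$")


def is_remote_scm_url(url: str) -> bool:
    """Return True only if `url` names a network remote.

    file: URLs (with one or three slashes), absolute and relative paths,
    "~"-prefixed paths and drive letters all return False, so a pipeline
    author cannot point a checkout at files already on the controller.
    """
    url = url.strip()
    if not url or WINDOWS_DRIVE.match(url):
        return False
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "file":
        return False
    if scheme in REMOTE_SCHEMES:
        # "ssh:///repo.git" has a scheme but no host; treat it as local.
        return bool(parts.netloc)
    # No recognised scheme: only git's scp-like form counts as remote.
    # (urlsplit may report "github.com" as a scheme for "github.com:repo";
    # the regex below still classifies that correctly.)
    return bool(SCP_LIKE.match(url))


def validate_scm_urls(urls):
    """Split candidate SCM URLs into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for u in urls:
        (accepted if is_remote_scm_url(u) else rejected).append(u)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input for the example, not a real job configuration.
    sample = [
        "https://github.com/example/app.git",
        "git@github.com:example/app.git",
        "ssh://git@git.example.com/app.git",
        "file:///var/lib/jenkins/jobs/other-job/workspace",
        "/var/lib/jenkins/secrets",
        "../other-job/workspace",
        r"C:\Jenkins\secrets",
    ]
    ok, bad = validate_scm_urls(sample)
    for u in ok:
        print("accept", u)
    for u in bad:
        print("reject", u)
```

An scp-like URL whose host is `localhost` still passes this check; it is reached over SSH with the job's credentials rather than by reading the controller's disk directly, so it is a separate policy decision.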
CVE-2019-1003010
Added 2019/02/06 4:00 p.m., 100 views

The CVE-2019-1003010 entry concerns Jenkins Git Plugin 3.9.1 and earlier. The issue is a cross-site request forgery in src/main/java/hudson/plugins/git/GitTagAction.java that lets an attacker create a Git tag in a workspace and attach metadata to a build record. The documents do not sp...

CVSS 4.3, AI score 4.3, EPSS 0.01145
CVE-2018-1000182
Added 2018/06/05 8:00 p.m., 93 views

A server-side request forgery (SSRF) vulnerability exists in Jenkins Git Plugin 3.9.0 and older. In AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java and ViewGitWeb.java, attackers with Overall/Read access can cause Jenkins to send a GET request to a...

CVSS 6.4, AI score 6.2, EPSS 0.00809
CVE-2017-1000092
Added 2017/10/04 1:00 a.m., 91 views

CVE-2017-1000092 concerns the Jenkins Git Plugin. A maliciously crafted Jenkins URL could cause the Git client to transmit credentials to an attacker-controlled server, leaking credentials through a CSRF-style attack. The entry notes that an attacker with no Jenkins access but with knowledge...

CVSS 7.5, AI score 7.4, EPSS 0.00769
CVE-2018-1000110
Added 2018/03/13 1:00 p.m., 76 views

The CVE-2018-1000110 entry concerns Jenkins Git Plugin 3.7.0 and earlier. Root cause: improper authorization in GitStatus.java allows an attacker with network access to enumerate nodes and users via search endpoints (e.g., /search/suggest?query=x and /search/?q=x). Impac...

CVSS 5.3, AI score 5, EPSS 0.03988
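The entries above state their affected ranges in three different phrasings ("prior to", "up to version", "and earlier"), and a lexical comparison of version strings gets cases such as 4.9 versus 4.11 wrong. The script below is an added triage example for this page, not part of the database or of the plugin: it encodes only the ranges as the entries state them (CVE-2017-1000092 carries no version range above and is therefore left out), parses versions into integer tuples, and reports which of the listed CVEs cover an installed Git Plugin version.

```python
import re

# Affected ranges exactly as the entries on this page state them.
# "lt" = affected strictly before the bound; "le" = affected up to and including it.
# CVE-2017-1000092 is listed without a version range and is deliberately omitted.
AFFECTED = {
    "CVE-2022-36883": ("lt", "4.11.4"),
    "CVE-2020-2136": ("le", "4.2.0"),
    "CVE-2021-21684": ("le", "4.8.2"),
    "CVE-2022-36882": ("le", "4.11.3"),
    "CVE-2022-36884": ("le", "4.11.3"),
    "CVE-2022-38663": ("le", "4.11.4"),
    "CVE-2022-30947": ("le", "4.11.1"),
    "CVE-2019-1003010": ("le", "3.9.1"),
    "CVE-2018-1000182": ("le", "3.9.0"),
    "CVE-2018-1000110": ("le", "3.7.0"),
}

_NUMERIC_PREFIX = re.compile(r"^\d+(?:\.\d+)*")


def parse_version(text):
    """Turn a plugin version string into a tuple of ints.

    Only the leading dotted-numeric part is compared; a suffix such as
    "-beta-1" is ignored, so "4.11.4-beta-1" sorts with 4.11.4. That is a
    conservative simplification: a pre-release of the fixed version is not
    treated as fixed by this script.
    """
    m = _NUMERIC_PREFIX.match(text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def compare(a, b):
    """Compare two version tuples; shorter tuples are zero-padded so 4.11 == 4.11.0."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def applicable_cves(installed):
    """Return the sorted CVE IDs from AFFECTED whose stated range covers `installed`."""
    v = parse_version(installed)
    hits = []
    for cve, (op, bound) in AFFECTED.items():
        c = compare(v, parse_version(bound))
        if (op == "lt" and c < 0) or (op == "le" and c <= 0):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    import sys

    version = sys.argv[1] if len(sys.argv) > 1 else "4.11.3"
    hits = applicable_cves(version)
    print(f"Git Plugin {version}: {len(hits)} listed CVE(s) apply")
    for cve in hits:
        print("  ", cve)
```

Run it as `python triage.py 4.11.3` (file name assumed). The table is a snapshot of this page, so a newer advisory will not appear until it is added to AFFECTED.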