Lucene search
K
JenkinsGit Client

6 matches found

CVE
CVE
added 2019/09/12 1:55 p.m.191 views

CVE-2019-10392

CVE-2019-10392 affects Jenkins Git Client Plugin (versions ≤2.8.4 and 3.0.0-rc): improper restriction of values passed to git ls-remote enables OS command injection. Exploitation details are present in a public exploit repository (GitHub). NVD CVSSv3.1 base score 8.8 (HIGH). Connected advisories ...

8.8CVSS8.8AI score0.25779EPSS
CVE
CVE
added 2022/07/27 2:20 p.m.144 views

CVE-2022-36881

CVE-2022-36881 affects Jenkins Git client plugin and is disclosed across multiple sources (including GHSA and OSV). The issue: Git client plugin 3.11.0 and older does not perform SSH host key verification when connecting to Git repositories over SSH, enabling Man-in-the-Middle attacks. Impact des...

8.1CVSS7.8AI score0.00783EPSS
CVE
CVE
added 2017/11/01 1:0 p.m.79 views

CVE-2017-1000242

CVE-2017-1000242 affects Jenkins Git Client Plugin 2.4.2 and earlier, where temporary files are created with insecure permissions, enabling information disclosure. The known impact is information leakage due to insecure file permissions; exploitation details are not provided in the available docu...

3.3CVSS3.8AI score0.00379EPSS
CVE
CVE
added 2025/09/03 3:2 p.m.24 views

CVE-2025-58458

The CVE-2025-58458 entry concerns the Jenkins Git client Plugin (versions 6.3.2 and earlier, excluding 6.1.4 and 6.2.1). The root cause is inconsistent validation of the Git URL field when using the amazon-s3 protocol with JGit, where the response depends on whether the specified file path exists...

4.3CVSS6.2AI score0.00288EPSS
CVE
CVE
added 2025/12/10 4:50 p.m.17 views

CVE-2025-67640

Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...

5CVSS6.6AI score0.00179EPSS
CVE
CVE
added 2026/06/24 1:20 p.m.17 views

CVE-2026-57282

The CVE-2026-57282 entry applies to Jenkins Git client Plugin versions 6.6.0 and earlier. The issue is improper escaping of the workspace directory name when inserted into a generated SSH wrapper script, enabling an attacker who can control the build’s working directory name to execute arbitrary ...

5CVSS6.2AI score0.00207EPSS