CVE-2022-36885
CVE-2022-36885 affects Jenkins GitHub Plugin 1.34.4 and earlier. The vulnerability arises from a non-constant time comparison when verifying webhook signatures, enabling attackers to use statistical methods to forge a valid webhook signature. Impact is limited to systems using the vulnerable plug...
CVE-2018-1000600
CVE-2018-1000600 affects the Jenkins GitHub Plugin (versions ≤ 1.29.1). The accompanying Nuclei template describes a server-side request forgery (SSRF) vulnerability in GitHubTokenCredentialsCreator.java, enabling an attacker to use an attacker-specified URL and credentials IDs obtained via anoth...
CVE-2023-46650
The CVE-2023-46650 entry corresponds to a stored XSS vulnerability in Jenkins GitHub Plugin versions up to 1.37.3. The root cause is that the plugin does not escape the GitHub project URL on the build page when showing changes, enabling stored XSS attacks. Exploitation is possible by attackers wi...
CVE-2018-1000183
The CVE-2018-1000183 entry describes an information disclosure in the Jenkins GitHub Plugin (versions 1.29.0 and earlier) via GitHubServerConfig.java. Attackers with Overall/Read access could connect to an attacker-specified URL using attacker-specified credentials IDs, causing credentials stored...
CVE-2018-1000184
CVE-2018-1000184 refers to a server-side request forgery in the Jenkins GitHub Plugin (versions ≤ 1.29.0) where vulnerable code in GitHubPluginConfig.java allows an attacker with Overall/Read access to trigger Jenkins to issue a GET request to an arbitrary URL. This SSRF impact is documented across multi...
CVE-2026-42523
The CVE-2026-42523 entry affects Jenkins GitHub Plugin up to version 1.46.0. The vulnerability arises because the plugin improperly processes the current job URL within JavaScript that validates the GitHub hook trigger for GITScm polling, enabling stored XSS. Impact is described as high/critical ...