CVE-2017-1000087
The connected documents confirm a vulnerability in the Jenkins GitHub Branch Source Plugin: any user with Overall/Read permission could enumerate credential IDs by accessing the job context, due to missing permission checks. The issue enables potential credential disclosure and could facilitate c...
CVE-2018-1000185
The CVE-2018-1000185 entry concerns Jenkins GitHub Branch Source Plugin (versions
CVE-2024-23903
CVE-2024-23903 affects Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier, which uses a non-constant-time comparison for validating webhook tokens. This non-constant-time check can enable attackers to infer a valid webhook token via statistical analysis. The connected GitHub advi...
CVE-2017-1000091
The CVE-2017-1000091 entry concerns the Jenkins GitHub Branch Source Plugin, where form validation against a user-specified GitHub API URL allowed unauthorized credential access. The root cause is improper permission checks that let any user with Overall/Read access connect to a web server and se...
CVE-2024-23902
CVE-2024-23902 concerns the Jenkins GitLab Branch Source Plugin, affecting versions 684.vea_fa_7c1e2fe3 and earlier. The root cause is a CSRF vulnerability: the plugin’s form validation endpoint does not require POST requests, enabling an attacker to have the user connect to an attacker-specified...
CVE-2024-23901
The CVE concerns Jenkins GitLab Branch Source Plugin versions 684.vea_fa_7c1e2fe3 and earlier. The vulnerability is that the plugin unconditionally discovers projects shared with the configured owner group, enabling attackers to configure and share a project, which can cause Jenkins to build a cr...
CVE-2026-42522
The vulnerability CVE-2026-42522 affects the Jenkins GitHub Branch Source Plugin (versions 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...