Lucene search

JenkinsGithub Branch Source*

5 matches found

CVE
added 2017/10/05 1:29 a.m. | 74 views

CVE-2017-1000087

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part o...

4.3 CVSS | 4.5 AI score | 0.00023 EPSS

CVE
added 2018/06/05 8:29 p.m. | 69 views

CVE-2018-1000185

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

4.3 CVSS | 4.5 AI score | 0.00041 EPSS

CVE
added 2024/01/24 6:15 p.m. | 64 views

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

5.3 CVSS | 5.3 AI score | 0.0008 EPSS

CVE
added 2024/01/24 6:15 p.m. | 57 views

CVE-2024-23902

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.

4.3 CVSS | 4.7 AI score | 0.00048 EPSS

CVE
added 2024/01/24 6:15 p.m. | 55 views

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.

6.5 CVSS | 6.3 AI score | 0.00088 EPSS