5 matches found
CVE-2017-1000087
The Connected documents confirm a vulnerability in the Jenkins GitHub Branch Source Plugin: any user with Overall/Read permission could enumerate credential IDs by accessing the job context, due to missing permission checks. The issue enables potential credential disclosure and could facilitate c...
CVE-2018-1000185
The CVE-2018-1000185 entry concerns Jenkins GitHub Branch Source Plugin (versions
CVE-2024-23902
CVE-2024-23902 concerns the Jenkins GitLab Branch Source Plugin, affecting versions 684.vea_fa_7c1e2fe3 and earlier. The root cause is a CSRF vulnerability: the plugin’s form validation endpoint does not require POST requests, enabling an attacker to have the user connect to an attacker-specified...
CVE-2026-42522
The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...
CVE-2026-57285
CVE-2026-57285: A missing permission check in Jenkins GitHub Branch Source Plugin (versions 1967.1969.v205fd594c821 and earlier) allows users with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. Affected component: Jenkins Git...