6 matches found
CVE-2023-24434
The CVE-2023-24434 entry concerns the Jenkins GitHub Pull Request Builder Plugin (versions ≤1.42.2). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to connect to an attacker‑specified URL using attacker‑specified credentials IDs, enabling capture of credentials store...
CVE-2023-24436
CVE-2023-24436 affects Jenkins GitHub Pull Request Builder Plugin (versions
CVE-2023-24435
CVE-2023-24435 concerns the Jenkins GitHub Pull Request Builder Plugin (versions
CVE-2018-1000143
CVE-2018-1000143 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and earlier) and GhprbCause.java, enabling a local attacker with filesystem access to obtain GitHub credentials. The issue is confirmed across NVD and multiple security trackers. Impact is exposure of credentials...
CVE-2018-1000142
CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...
CVE-2018-1000186
Affected software: Jenkins GitHub Pull Request Builder Plugin (GhprbGitHubAuth.java) up to version 1.41.0. The vulnerability allows attackers with Overall/Read access to connect to an attacker‑specified URL using attacker‑provided credentials IDs, enabling capture of credentials stored in Jenkins...