Lucene search
K
JenkinsGitlab

6 matches found

CVE
CVE
added 2022/06/30 5:45 p.m.293 views

CVE-2022-34777

Summary of CVE-2022-34777: The Jenkins GitLab Plugin (versions 1.5.34 and earlier) does not escape multiple fields in the description of webhook-triggered builds, causing a stored cross-site scripting (XSS) vulnerability. Exploitation requires Item/Configure permission. The issue is documented in...

5.4CVSS5.3AI score0.7236EPSS
CVE
CVE
added 2022/05/17 2:6 p.m.150 views

CVE-2022-30955

CVE-2022-30955 affects Jenkins GitLab Plugin (≤ 1.5.31). The issue is a missing permission check on an HTTP endpoint that allows users with Overall/Read to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. The primary sources (NVD entry and related advisories) describe...

6.5CVSS6.3AI score0.008EPSS
CVE
CVE
added 2025/01/22 5:2 p.m.97 views

CVE-2025-24397

CVE-2025-24397 concerns Jenkins GitLab Plugin (versions 1.9.6 and earlier) where an incorrect permission check in an HTTP endpoint allows attackers with global Item/Configure permission (but not per-job Item/Configure) to enumerate credential IDs of GitLab API tokens and Secret text credentials s...

4.3CVSS6AI score0.00288EPSS
CVE
CVE
added 2022/10/19 12:0 a.m.95 views

CVE-2022-43411

CVE-2022-43411 affects Jenkins GitLab Plugin (versions ≤ 1.5.35). The webhook token check uses a non-constant-time comparison, enabling potential timing-based…statistical attacks to deduce a valid token. The issue is fixed in GitLab Plugin 1.5.36, which adopts a constant-time comparison. Other co...

5.3CVSS5AI score0.00655EPSS
CVE
CVE
added 2019/04/18 4:54 p.m.72 views

CVE-2019-10300

The CVE-2019-10300 issue affects the Jenkins GitLab Plugin (v1.5.11 and earlier) in the GitLabConnectionConfig.doTestConnection form validation. The root cause is a missing or insufficient permissions check on the testConnection endpoint, enabling an attacker with certain Jenkins privileges (e.g....

8CVSS7.5AI score0.01355EPSS
CVE
CVE
added 2019/04/18 4:54 p.m.55 views

CVE-2019-10301

CVE-2019-10301 affects Jenkins GitLab Plugin ≤ 1.5.11. A missing permission check in GitLabConnectionConfig#doTestConnection form validation allowed users with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, enabling access to credentials stored in J...

8.8CVSS8.4AI score0.01373EPSS