Jenkins

Git

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-38663

  • EPSS 2.22%
  • Published 23.08.2022 17:15:15
  • Last modified 21.11.2024 07:16:53

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

8.8

CVE-2022-36882

  • EPSS 0.34%
  • Published 27.07.2022 15:15:08
  • Last modified 21.11.2024 07:13:58

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

7.5

CVE-2022-36883

  • EPSS 69.38%
  • Published 27.07.2022 15:15:08
  • Last modified 21.11.2024 07:13:58

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

5.3

CVE-2022-36884

  • EPSS 0.46%
  • Published 27.07.2022 15:15:08
  • Last modified 21.11.2024 07:13:59

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.

7.5

CVE-2022-30947

  • EPSS 1.57%
  • Published 17.05.2022 15:15:08
  • Last modified 21.11.2024 07:03:36

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SC...

6.1

CVE-2021-21684

  • EPSS 0.2%
  • Published 06.10.2021 23:15:06
  • Last modified 21.11.2024 05:48:49

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.

5.4

CVE-2020-2136

  • EPSS 0.13%
  • Published 09.03.2020 16:15:12
  • Last modified 21.11.2024 05:24:45

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

4.3

CVE-2019-1003010

  • EPSS 0.69%
  • Published 06.02.2019 16:29:00
  • Last modified 21.11.2024 04:17:44

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build reco...

6.4

CVE-2018-1000182

  • EPSS 0.04%
  • Published 05.06.2018 20:29:00
  • Last modified 21.11.2024 03:39:52

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read acces...

5.3

CVE-2018-1000110

  • EPSS 12.98%
  • Published 13.03.2018 13:29:00
  • Last modified 21.11.2024 03:39:39

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.