CVE-2026-57285
- EPSS 0.22%
- Veröffentlicht 24.06.2026 13:20:06
- Zuletzt bearbeitet 26.06.2026 19:59:33
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
CVE-2026-42522
- EPSS 0.18%
- Veröffentlicht 29.04.2026 14:16:19
- Zuletzt bearbeitet 06.05.2026 16:18:23
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.
CVE-2024-23901
- EPSS 0.46%
- Veröffentlicht 24.01.2024 18:15:09
- Zuletzt bearbeitet 30.05.2025 15:15:39
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built b...
CVE-2024-23902
- EPSS 0.32%
- Veröffentlicht 24.01.2024 18:15:09
- Zuletzt bearbeitet 30.05.2025 15:15:39
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2024-23903
- EPSS 0.5%
- Veröffentlicht 24.01.2024 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:58:40
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obt...
CVE-2018-1000185
- EPSS 0.64%
- Veröffentlicht 05.06.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:52
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
CVE-2017-1000087
- EPSS 0.79%
- Veröffentlicht 05.10.2017 01:29:03
- Zuletzt bearbeitet 13.05.2026 00:24:29
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of val...
CVE-2017-1000091
- EPSS 0.64%
- Veröffentlicht 05.10.2017 01:29:03
- Zuletzt bearbeitet 13.05.2026 00:24:29
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any ...