CVE-2023-46650
- EPSS 3.54%
- Published 25.10.2023 18:17:39
- Last modified 21.11.2024 08:28:58
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-36885
- EPSS 0.24%
- Published 27.07.2022 15:15:08
- Last modified 21.11.2024 07:13:59
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
CVE-2018-1000600
- EPSS 94.11%
- Published 26.06.2018 17:29:00
- Last modified 21.11.2024 03:40:12
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through an...
CVE-2018-1000183
- EPSS 0.33%
- Published 05.06.2018 20:29:00
- Last modified 21.11.2024 03:39:52
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials ...
CVE-2018-1000184
- EPSS 0.03%
- Published 05.06.2018 20:29:00
- Last modified 21.11.2024 03:39:52
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.