- EPSS 0.09%
- Published 10.12.2025 16:50:38
- Last modified 17.12.2025 17:31:23
Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name ...
CVE-2025-58458
- EPSS 0.05%
- Published 03.09.2025 15:02:26
- Last modified 04.11.2025 22:16:34
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing ...
CVE-2022-36881
- EPSS 0.74%
- Published 27.07.2022 15:15:08
- Last modified 21.11.2024 07:13:58
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
CVE-2019-10392
- EPSS 80.82%
- Published 12.09.2019 14:15:11
- Last modified 21.11.2024 04:19:02
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVE-2017-1000242
- EPSS 0.01%
- Published 01.11.2017 13:29:00
- Last modified 20.04.2025 01:37:25
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure.