Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins github branch source vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions unconditionally discovers projects that are shared with the configured owner group, allowing malicious users to configure and share a project, resulting in a crafted Pipeline being built by Jenkins duri...
Jenkins Github Branch Source
4.3
CVSSv3
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Github Branch Source
5.3
CVSSv3
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid we...
Jenkins Github Branch Source
5.5
CVSSv3
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go
6.5
CVSSv3
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Golang Go
7.5
CVSSv3
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
4.3
CVSSv3
CVE-2018-1000185
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Jenkins Github Branch Source
4.3
CVSSv3
CVE-2017-1000087
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those...
Jenkins Github Branch Source 0.1
Jenkins Github Branch Source 1.0
Jenkins Github Branch Source 1.1
Jenkins Github Branch Source 1.2
Jenkins Github Branch Source 2.0.1
Jenkins Github Branch Source 2.2.0
Jenkins Github Branch Source 1.7
Jenkins Github Branch Source 1.8
Jenkins Github Branch Source 1.8.1
Jenkins Github Branch Source 1.9
Jenkins Github Branch Source 2.0.3
Jenkins Github Branch Source 2.0.4
Jenkins Github Branch Source 2.0.5
Jenkins Github Branch Source 1.4
Jenkins Github Branch Source 1.5
Jenkins Github Branch Source 2.0.0
Jenkins Github Branch Source
Jenkins Github Branch Source 1.3
Jenkins Github Branch Source 1.6
Jenkins Github Branch Source 1.10
Jenkins Github Branch Source 2.0.2
Jenkins Github Branch Source 2.0.6
6.3
CVSSv3
CVE-2017-1000091
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access ...
Jenkins Github Branch Source 1.1
Jenkins Github Branch Source 1.2
Jenkins Github Branch Source 1.3
Jenkins Github Branch Source 1.4
Jenkins Github Branch Source 0.1
Jenkins Github Branch Source 1.0
Jenkins Github Branch Source 1.6
Jenkins Github Branch Source 2.0.0
Jenkins Github Branch Source 2.0.1
Jenkins Github Branch Source 2.0.2
Jenkins Github Branch Source 2.0.4
Jenkins Github Branch Source 2.2.0
Jenkins Github Branch Source 1.8
Jenkins Github Branch Source 1.8.1
Jenkins Github Branch Source 1.9
Jenkins Github Branch Source 1.10
Jenkins Github Branch Source 2.0.5
Jenkins Github Branch Source 2.0.6
Jenkins Github Branch Source 2.0.7
Jenkins Github Branch Source 1.5
Jenkins Github Branch Source 1.7
Jenkins Github Branch Source 2.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started