Vulmon
jenkins git vulnerabilities and exploits
6.4
CVSSv3
CVE-2018-1000182
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a G...
Jenkins Git
5.4
CVSSv3
CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and previous versions does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2022-29040
Jenkins Git Parameter Plugin 0.9.15 and previous versions does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Git Parameter
3.3
CVSSv3
CVE-2017-1000242
Jenkins Git Client Plugin 2.4.2 and previous versions creates temporary file with insecure permissions, resulting in information disclosure.
Jenkins Git Client
6.1
CVSSv3
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and previous versions in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/confi...
Jenkins Git Changelog
6.5
CVSSv3
CVE-2024-23899
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and previous versions does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to ...
Jenkins Git Server
5.4
CVSSv3
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
6.5
CVSSv3
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and previous versions stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Git Changelog
8.1
CVSSv3
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client