jenkins github vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Dotci
6.5
CVSSv3
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Golang Go
5.5
CVSSv3
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows a malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go
6.5
CVSSv3
CVE-2022-32148
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the ...
Golang Go
5.3
CVSSv3
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant-time comparison function when checking whether the provided and computed webhook signatures are equal, allowing malicious users to use statistical methods to obtain a valid webhook signature.
Jenkins Github
7.5
CVSSv3
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
4.3
CVSSv3
CVE-2020-2212
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system or read permissions on the system configuration.
Jenkins Github Coverage Reporter
4.3
CVSSv3
CVE-2020-2118
A missing permission check in form-related methods in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allowed users with Overall/Read access to enumerate the credentials IDs of credentials stored in Jenkins.
Jenkins Pipeline Github Notify Step
8.8
CVSSv3
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Jenkins Pipeline Github Notify Step
4.3
CVSSv3
CVE-2020-2117
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentia...
Jenkins Pipeline Github Notify Step