Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins github vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-2212
Jenkins GitHub Coverage Reporter Plugin 1.8 and previous versions stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.
Jenkins Github Coverage Reporter
NA
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions unconditionally discovers projects that are shared with the configured owner group, allowing malicious users to configure and share a project, resulting in a crafted Pipeline being built by Jenkins duri...
Jenkins Github Branch Source
NA
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Github Branch Source
NA
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid we...
Jenkins Github Branch Source
4
CVSSv2
CVE-2018-1000185
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Jenkins Github Branch Source
6.8
CVSSv2
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Jenkins Pipeline Github Notify Step
4
CVSSv2
CVE-2020-2117
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentia...
Jenkins Pipeline Github Notify Step
4
CVSSv2
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Pipeline Github Notify Step
2.1
CVSSv2
CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
Jenkins Github Pull Request Builder
4
CVSSv2
CVE-2018-1000186
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...
Jenkins Github Pull Request Builder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »