Vulmon
jenkins github vulnerabilities and exploits
NA
CVE-2023-24434
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credenti...
Jenkins Github Pull Request Builder
NA
CVE-2023-24435
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credenti...
Jenkins Github Pull Request Builder
NA
CVE-2023-24436
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Github Pull Request Builder
2.1
CVSSv2
CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
Jenkins Github Pull Request Builder
NA
CVE-2023-24442
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and previous versions stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to th...
Jenkins Github Pull Request Coverage Status
5.5
CVSSv2
CVE-2017-1000106
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing f...
Jenkins Blue Ocean
Jenkins Blue Ocean 1.2.0
4
CVSSv2
CVE-2017-1000110
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and ...
Jenkins Blue Ocean 1.2.0
Jenkins Blue Ocean
NA
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and previous versions does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Dotci
NA
CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and previous versions allows malicious users to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Jenkins Blue Ocean
NA
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows a malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go