cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34146,https://securityvulnerability.io/vulnerability/CVE-2024-34146,Git repository access vulnerability in Jenkins Git server Plugin,"Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.",Jenkins,Jenkins Git Server Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-02T13:28:04.598Z,0
CVE-2024-23899,https://securityvulnerability.io/vulnerability/CVE-2024-23899,Unauthorized File Read Vulnerability in Jenkins Git Server Plugin,"The Jenkins Git Server Plugin does not disable a feature of its command parser that replaces an '@' character followed by a file path with the contents of that file. Attackers with Overall/Read permission can therefore supply such an argument and read arbitrary files on the Jenkins controller's file system.",Jenkins,Jenkins Git server Plugin,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-24T17:52:24.131Z,0
CVE-2022-43421,https://securityvulnerability.io/vulnerability/CVE-2022-43421,Unauthenticated Access in Jenkins Tuleap Git Branch Source Plugin,"A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches an attacker-specified value.",Jenkins,Jenkins Tuleap Git Branch Source Plugin,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-38663,https://securityvulnerability.io/vulnerability/CVE-2022-38663,Credential Exposure in Jenkins Git Plugin by CloudBees,"Jenkins Git Plugin versions before 4.11.5 do not properly mask (replace with asterisks) credentials provided by the Git Username and Password (`gitUsernamePassword`) credentials binding in the build log, so anyone who can read the build log can recover them.",Jenkins,Jenkins Git Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-08-23T16:45:16.000Z,0
CVE-2022-36884,https://securityvulnerability.io/vulnerability/CVE-2022-36884,Unauthenticated Information Exposure in Jenkins Git Plugin,"The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier tells unauthenticated attackers whether any jobs are configured to use an attacker-specified Git repository, allowing existing jobs to be enumerated without authentication.",Jenkins,Jenkins Git Plugin,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-07-27T14:21:25.000Z,0
CVE-2022-36883,https://securityvulnerability.io/vulnerability/CVE-2022-36883,Missing Permission Check in Jenkins Git Plugin by Jenkins,"A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository.",Jenkins,Jenkins Git Plugin,7.5,HIGH,0.08438000082969666,false,,false,false,false,,,false,false,,2022-07-27T14:21:12.000Z,0
CVE-2022-36882,https://securityvulnerability.io/vulnerability/CVE-2022-36882,Cross-Site Request Forgery in Jenkins Git Plugin,"A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.",Jenkins,Jenkins Git Plugin,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-07-27T14:20:59.000Z,0
CVE-2022-36881,https://securityvulnerability.io/vulnerability/CVE-2022-36881,SSH Host Key Verification Bypass in Jenkins Git Client Plugin,"Jenkins Git Client Plugin versions before 3.11.0 do not perform SSH host key verification when connecting to Git repositories over SSH, enabling man-in-the-middle attacks that can intercept or alter data exchanged between Jenkins and the repository.",Jenkins,Jenkins Git Client Plugin,8.1,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2022-07-27T14:20:49.000Z,0
CVE-2022-30947,https://securityvulnerability.io/vulnerability/CVE-2022-30947,Local Path Disclosure in Jenkins Git Plugin Affects Security & Data Privacy,"Jenkins Git Plugin 4.11.1 and earlier allows users with permission to configure pipelines to check out a local file system path on the Jenkins controller as the repository URL, disclosing limited information about other projects' SCM contents.",Jenkins,Jenkins Git Plugin,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2022-05-17T15:15:00.000Z,0
CVE-2022-29040,https://securityvulnerability.io/vulnerability/CVE-2022-29040,Stored Cross-Site Scripting in Git Parameter Plugin for Jenkins,"The Git Parameter Plugin for Jenkins does not escape the name and description of Git parameters on views that display them, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",Jenkins,Jenkins Git Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-12T19:50:35.000Z,0
CVE-2022-27212,https://securityvulnerability.io/vulnerability/CVE-2022-27212,Stored Cross-Site Scripting Vulnerability in Jenkins List Git Branches Parameter Plugin,"Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",Jenkins,Jenkins List Git Branches Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-15T16:46:03.000Z,0
CVE-2021-21684,https://securityvulnerability.io/vulnerability/CVE-2021-21684,Stored XSS Vulnerability in Jenkins Git Plugin Affects Developer Tools,"Jenkins Git Plugin 4.8.2 and earlier does not escape Git SHA-1 checksum parameters that are shown in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability: a script injected into the build cause runs in the browser of any user who views that build.",Jenkins,Jenkins Git Plugin,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-10-06T23:15:00.000Z,0
CVE-2020-2238,https://securityvulnerability.io/vulnerability/CVE-2020-2238,,"Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",Jenkins,Jenkins Git Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-01T13:50:30.000Z,0
CVE-2020-2136,https://securityvulnerability.io/vulnerability/CVE-2020-2136,,"Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.",Jenkins,Jenkins Git Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-03-09T15:00:57.000Z,0
CVE-2020-2113,https://securityvulnerability.io/vulnerability/CVE-2020-2113,,"Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.",Jenkins,Jenkins Git Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-02-12T14:35:41.000Z,0
CVE-2020-2112,https://securityvulnerability.io/vulnerability/CVE-2020-2112,,"Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.",Jenkins,Jenkins Git Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-02-12T14:35:41.000Z,0
CVE-2019-10414,https://securityvulnerability.io/vulnerability/CVE-2019-10414,,"Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",Jenkins,Jenkins Git Changelog Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-09-25T15:05:33.000Z,0
CVE-2019-10392,https://securityvulnerability.io/vulnerability/CVE-2019-10392,,"Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.",Jenkins,Jenkins Git Client Plugin,8.8,HIGH,0.9242200255393982,false,,false,false,true,2019-09-26T05:45:00.000Z,true,false,false,,2019-09-12T13:55:15.000Z,0
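Two rows in the table share a root cause: a repository URL that the plugin handed to git without checking what it was, either an unrestricted argument to `git ls-remote` that ended in OS command injection (CVE-2019-10392) or a local file system path checked out as if it were a remote (CVE-2022-30947). The usual way an unchecked argument reaches a shell is that git reads it as an option rather than a repository, which is why a leading `-` check and the `--` end-of-options separator matter for any wrapper around git. The Python validator below is an added illustration of that check, not code from either plugin. The scheme allowlist and the scp-style regex are assumed policy choices, and `ls_remote_argv` only builds the argument vector; it does not run git.

```python
import re
from urllib.parse import urlparse

# Assumed policy for this example: only these remote transports may be handed to git.
ALLOWED_SCHEMES = frozenset({"https", "ssh", "git"})

# scp-style remotes such as git@github.com:org/repo.git carry no scheme, so
# urlparse cannot classify them. Accept user@host:path, with a host that does
# not start with '-'. (Assumed shape; tighten to your own hosts in practice.)
SCP_LIKE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9][A-Za-z0-9.-]*:[^\s]+$")


def validate_repo_url(url):
    """Return url unchanged if it is a remote repository reference, else raise ValueError.

    Rejects values git would parse as an option (leading '-'), local paths and
    file:// URLs, and transports such as ext:: that run a command.
    """
    if not isinstance(url, str) or not url or url != url.strip():
        raise ValueError("empty, non-string or padded repository URL")
    if url.startswith("-"):
        raise ValueError(f"looks like a git option, not a repository: {url!r}")
    if SCP_LIKE.match(url):
        return url
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parsed.scheme!r} is not an allowed remote transport")
    if not parsed.netloc:
        raise ValueError("URL has no host component")
    return url


def is_safe_repo_url(url):
    """Boolean form of validate_repo_url for callers that just want a verdict."""
    try:
        validate_repo_url(url)
        return True
    except ValueError:
        return False


def ls_remote_argv(url):
    """argv for 'git ls-remote' with the URL after '--' so git never parses it as an option."""
    return ["git", "ls-remote", "--", validate_repo_url(url)]


if __name__ == "__main__":
    # Constructed inputs: two legitimate remotes, then the shapes the two CVEs describe.
    for candidate in (
        "git@github.com:jenkinsci/git-plugin.git",
        "https://github.com/jenkinsci/git-plugin.git",
        "--upload-pack=touch /tmp/pwned",
        "/var/lib/jenkins/jobs/other-project/workspace",
        "file:///var/lib/jenkins/jobs/other-project/workspace",
        "ext::sh -c id",
    ):
        print(f"{candidate!r}: {'ok' if is_safe_repo_url(candidate) else 'rejected'}")
```

Both halves are needed: the validator stops local paths and helper-executing transports, which `--` does nothing about, and `--` stops a value that slips past the validator from being read as an option. Run with a real `subprocess.run(ls_remote_argv(url), ...)` only after both checks.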
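The table is a CSV export with quoted, sometimes multi-line description fields and flag columns that are mostly empty rather than "false". The Python script below is an added triage example, not part of the page or of any Jenkins project: it parses rows in exactly this column layout and ranks them by evidence of exploitation (CISA listing, observed exploitation, public PoC, EPSS) before CVSS, which is the order a practitioner patches in. The embedded sample is five rows copied from the table with their descriptions shortened; the `epss_floor` of 0.01 is an assumed threshold.

```python
import csv
import io

# Five rows copied from the table above, header included, descriptions shortened.
# The CVE-2022-36884 description keeps an embedded newline to show that the
# csv module reassembles a quoted multi-line field correctly.
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34146,https://securityvulnerability.io/vulnerability/CVE-2024-34146,Git repository access vulnerability in Jenkins Git server Plugin,"Missing permission check for read access to a Git repository over SSH.",Jenkins,Jenkins Git Server Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-02T13:28:04.598Z,0
CVE-2022-36884,https://securityvulnerability.io/vulnerability/CVE-2022-36884,Unauthenticated Information Exposure in Jenkins Git Plugin,"Webhook endpoint reveals which jobs use an attacker-specified repository.
Exploitable without authentication.",Jenkins,Jenkins Git Plugin,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-07-27T14:21:25.000Z,0
CVE-2022-36883,https://securityvulnerability.io/vulnerability/CVE-2022-36883,Missing Permission Check in Jenkins Git Plugin by Jenkins,"Unauthenticated attackers can trigger builds of jobs using an attacker-specified repository.",Jenkins,Jenkins Git Plugin,7.5,HIGH,0.08438000082969666,false,,false,false,false,,,false,false,,2022-07-27T14:21:12.000Z,0
CVE-2022-36881,https://securityvulnerability.io/vulnerability/CVE-2022-36881,SSH Host Key Verification Bypass in Jenkins Git Client Plugin,"No SSH host key verification when connecting to Git repositories over SSH.",Jenkins,Jenkins Git Client Plugin,8.1,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2022-07-27T14:20:49.000Z,0
CVE-2019-10392,https://securityvulnerability.io/vulnerability/CVE-2019-10392,,"Unrestricted URL argument to 'git ls-remote' results in OS command injection.",Jenkins,Jenkins Git Client Plugin,8.8,HIGH,0.9242200255393982,false,,false,false,true,2019-09-26T05:45:00.000Z,true,false,false,,2019-09-12T13:55:15.000Z,0
"""

BOOL_COLUMNS = ("cisa", "ransomware", "exploited", "poc", "trended", "trended_no_1")


def parse_rows(text):
    """Parse the export into dicts with typed score/epss and real booleans.

    An empty flag cell and the literal 'false' both mean no; only 'true' is a yes.
    """
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = dict(raw)
        row["score"] = float(raw["score"]) if raw["score"] else None  # CVSS may be unset
        row["epss"] = float(raw["epss"]) if raw["epss"] else 0.0
        for col in BOOL_COLUMNS:
            row[col] = raw[col].strip().lower() == "true"
        rows.append(row)
    return rows


def priority(row):
    """Sort key: KEV listing, then observed exploitation, then public PoC,
    then EPSS, then CVSS. Real-world use outranks severity."""
    return (row["cisa"], row["exploited"], row["poc"], row["epss"], row["score"] or 0.0)


def triage(text, epss_floor=0.01):
    """Return (rows sorted most urgent first, list of CVE ids needing action now)."""
    rows = sorted(parse_rows(text), key=priority, reverse=True)
    urgent = [r["cve"] for r in rows
              if r["cisa"] or r["exploited"] or r["poc"] or r["epss"] >= epss_floor]
    return rows, urgent


if __name__ == "__main__":
    ranked, act_now = triage(SAMPLE_CSV)
    for r in ranked:
        print(f"{r['cve']:15} cvss={r['score']} epss={r['epss']:.4f} "
              f"exploited={r['exploited']} poc={r['poc']} {r['products']}")
    print("act now:", act_now)
```

On the full table the same ranking puts CVE-2019-10392 first on exploitation evidence and EPSS despite CVE-2022-36882 carrying the same 8.8 CVSS score; sorting by `score` alone would hide that.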