cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24397,https://securityvulnerability.io/vulnerability/CVE-2025-24397,Permission Check Flaw in Jenkins GitLab Plugin Allows Credential Enumeration,"Jenkins GitLab Plugin 1.9.6 and earlier is missing a permission check, allowing attackers who hold Item/Configure permission globally, but not on any particular job, to enumerate the credential IDs of GitLab API token credentials and Secret text credentials stored in Jenkins. Knowing a credentials ID does not by itself disclose the secret, but it is the prerequisite for abusing endpoints that accept an attacker-chosen credentials ID (compare CVE-2019-10300 and CVE-2019-10301 below).",Jenkins,Jenkins Gitlab Plugin,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:51.699Z,0
CVE-2024-23903,https://securityvulnerability.io/vulnerability/CVE-2024-23903,Non-Constant Time Comparison Vulnerability in Jenkins GitLab Branch Source Plugin by Jenkins,"Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison when checking whether the provided and expected webhook tokens are equal. Because the comparison returns as soon as it finds a differing byte, its timing depends on how much of the provided token is correct, which lets an attacker use statistical methods over many requests to obtain a valid webhook token and then submit forged webhook events. Users of affected versions should update.",Jenkins,Jenkins Gitlab Branch Source Plugin,5.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-01-24T17:52:26.696Z,0
CVE-2024-23902,https://securityvulnerability.io/vulnerability/CVE-2024-23902,Cross-Site Request Forgery in Jenkins GitLab Branch Source Plugin,"A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to make the Jenkins controller connect to an attacker-specified URL by luring an authenticated user to a crafted page. Users should check for the affected versions and apply the update recommended in the Jenkins security advisory.",Jenkins,Jenkins GitLab Branch Source Plugin,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-24T17:52:26.044Z,0
CVE-2024-23901,https://securityvulnerability.io/vulnerability/CVE-2024-23901,Unconditional Project Discovery Vulnerability in Jenkins GitLab Branch Source Plugin,"Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group. An attacker who can configure a project and share it with that group can get a crafted Pipeline built by Jenkins during the next scan of the group.",Jenkins,Jenkins GitLab Branch Source Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-01-24T17:52:25.415Z,0
CVE-2023-39153,https://securityvulnerability.io/vulnerability/CVE-2023-39153,Cross-Site Request Forgery Vulnerability in Jenkins GitLab Authentication Plugin,"A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's GitLab account, so that actions the victim takes in Jenkins are performed under an account the attacker controls.",Jenkins,Jenkins GitLab Authentication Plugin,5.4,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-07-26T14:15:00.000Z,0
CVE-2022-43411,https://securityvulnerability.io/vulnerability/CVE-2022-43411,Vulnerability in Jenkins GitLab Plugin Allows Token Exposure,"Jenkins GitLab Plugin 1.5.36 and earlier uses a non-constant time comparison when checking whether the provided and expected webhook tokens are equal, potentially allowing attackers to use statistical methods (timing measurements over many requests) to obtain a valid webhook token and trigger the integration with forged events.",Jenkins,Jenkins Gitlab Plugin,5.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-34777,https://securityvulnerability.io/vulnerability/CVE-2022-34777,Stored Cross-Site Scripting in Jenkins GitLab Plugin Affects Multiple Versions,"Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of builds triggered by webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission, who can inject script that runs in the browser of anyone viewing the build.",Jenkins,Jenkins Gitlab Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-30T17:45:54.000Z,0
CVE-2022-30955,https://securityvulnerability.io/vulnerability/CVE-2022-30955,Insufficient Permission Check in Jenkins GitLab Plugin by Jenkins,"Jenkins GitLab Plugin prior to version 1.5.32 does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins.",Jenkins,Jenkins Gitlab Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-17T14:06:23.000Z,0
CVE-2022-27206,https://securityvulnerability.io/vulnerability/CVE-2022-27206,Insecure Storage of Client Secret in Jenkins GitLab Authentication Plugin,"Jenkins GitLab Authentication Plugin prior to version 1.14 stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller, where it can be read by users with access to the controller file system.",Jenkins,Jenkins Gitlab Authentication Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-15T16:45:53.000Z,0
CVE-2022-25196,https://securityvulnerability.io/vulnerability/CVE-2022-25196,Authentication Redirection Vulnerability in Jenkins GitLab Plugin by Jenkins,"Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that redirects users to an attacker-specified site after they log in through it, enabling phishing.",Jenkins,Jenkins Gitlab Authentication Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-02-15T16:11:26.000Z,0
CVE-2020-2228,https://securityvulnerability.io/vulnerability/CVE-2020-2228,,"Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.",Jenkins,Jenkins Gitlab Authentication Plugin,8.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2020-07-15T17:00:29.000Z,0
CVE-2020-2096,https://securityvulnerability.io/vulnerability/CVE-2020-2096,,"Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.",Jenkins,Jenkins Gitlab Hook Plugin,6.1,MEDIUM,0.9467399716377258,false,,false,false,false,,,false,false,,2020-01-15T15:15:26.000Z,0
CVE-2019-10429,https://securityvulnerability.io/vulnerability/CVE-2019-10429,,Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,Jenkins,Jenkins Gitlab Logo Plugin,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-09-25T15:05:34.000Z,0
CVE-2019-10416,https://securityvulnerability.io/vulnerability/CVE-2019-10416,,"Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",Jenkins,Jenkins Violation Comments To Gitlab Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-09-25T15:05:33.000Z,0
CVE-2019-10415,https://securityvulnerability.io/vulnerability/CVE-2019-10415,,Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,Jenkins,Jenkins Violation Comments To Gitlab Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-09-25T15:05:33.000Z,0
CVE-2019-10372,https://securityvulnerability.io/vulnerability/CVE-2019-10372,,An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.,Jenkins,Jenkins Gitlab Authentication Plugin,6.1,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2019-08-07T14:20:24.000Z,0
CVE-2019-10371,https://securityvulnerability.io/vulnerability/CVE-2019-10371,,A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.,Jenkins,Jenkins Gitlab Authentication Plugin,7.5,HIGH,0.0016700000269338489,false,,false,false,false,,,false,false,,2019-08-07T14:20:24.000Z,0
CVE-2019-10300,https://securityvulnerability.io/vulnerability/CVE-2019-10300,,"A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Gitlab Plugin,8,HIGH,0.003220000071451068,false,,false,false,false,,,false,false,,2019-04-18T16:54:18.000Z,0
CVE-2019-10301,https://securityvulnerability.io/vulnerability/CVE-2019-10301,,"A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Gitlab Plugin,8.8,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2019-04-18T16:54:18.000Z,0
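Two entries above (CVE-2024-23903 in GitLab Branch Source Plugin and CVE-2022-43411 in GitLab Plugin) describe the same weakness: a webhook token checked with a comparison whose running time depends on how many leading bytes of the guess are correct. The following is an added example, not code from either plugin or from Jenkins, showing why that is enough to recover the token and why a constant-time comparison stops it. The side channel is modelled with a counter of bytes examined, an assumed stand-in for response latency so the run is deterministic; the token, the hex alphabet and the recovery loop are constructed for this example.

```python
"""Timing-leak demonstration for webhook token checks.

Added example, not code from any Jenkins plugin. The side channel is modelled
with a counter of bytes examined (an idealised stand-in for request latency)
so the run is deterministic; the token and alphabet are constructed here.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Oracle:
    """Records how many bytes the last comparison examined.

    In a real attack the observable is response latency, averaged over many
    requests to drown out jitter; this counter is a deterministic model of it.
    """
    examined: int = 0


def vulnerable_equals(expected: bytes, provided: bytes, oracle: Oracle) -> bool:
    """Early-exit comparison: stops at the first differing byte, so the
    number of bytes examined (and the time taken) grows with the length of
    the correct prefix in `provided`."""
    oracle.examined = 0
    if len(expected) != len(provided):
        return False
    for a, b in zip(expected, provided):
        oracle.examined += 1
        if a != b:
            return False
    return True


def constant_time_equals(expected: bytes, provided: bytes, oracle: Oracle) -> bool:
    """hmac.compare_digest examines every byte regardless of where the
    inputs differ, so the oracle sees the same count for every guess."""
    oracle.examined = len(expected)  # model: no prefix-dependent variation
    return hmac.compare_digest(expected, provided)


def recover_token(check: Callable[[bytes], bool], token_len: int,
                  alphabet: bytes, oracle: Oracle) -> Optional[bytes]:
    """Byte-at-a-time recovery driven only by the accept/reject result and
    the oracle. At each position, the candidate that makes the comparison
    examine one byte more than the others is the correct one; if no single
    candidate stands out, the comparison is not leaking and recovery stops."""
    guess = bytearray(b"?" * token_len)  # filler byte outside the alphabet
    for pos in range(token_len):
        depths: Dict[int, int] = {}
        for c in alphabet:
            guess[pos] = c
            if check(bytes(guess)):
                return bytes(guess)  # accepted: full token recovered
            depths[c] = oracle.examined
        deepest = max(depths.values())
        winners = [c for c, d in depths.items() if d == deepest]
        if len(winners) != 1:
            return None  # every candidate looks the same: no leak to exploit
        guess[pos] = winners[0]
    return None


def demo(token: Optional[bytes] = None) -> Dict[str, Optional[bytes]]:
    """Run the recovery against both comparisons and return the outcomes."""
    token = token or secrets.token_hex(8).encode()
    oracle = Oracle()
    alphabet = b"0123456789abcdef"  # assumes a hex-encoded token
    leaky = recover_token(lambda p: vulnerable_equals(token, p, oracle),
                          len(token), alphabet, oracle)
    safe = recover_token(lambda p: constant_time_equals(token, p, oracle),
                         len(token), alphabet, oracle)
    return {"token": token, "leaky": leaky, "safe": safe}


if __name__ == "__main__":
    result = demo()
    print("token                    :", result["token"].decode())
    print("early-exit compare leaked:", result["leaky"] == result["token"])
    print("compare_digest leaked    :", result["safe"] is not None)
```

Against the early-exit comparison the loop needs at most 16 guesses per byte instead of 16^16 for the whole token; against `hmac.compare_digest` every candidate produces the same observation and the loop gives up at the first position. A real attacker replaces the counter with latency measured over many repeated requests per candidate, which is the "statistical methods" wording in the advisories. A Java plugin gets the same property from `java.security.MessageDigest.isEqual` on the two tokens' byte arrays; which call the patched plugin versions actually use is not stated on this page.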