Jenkins GitHub Pull Request Builder vulnerabilities
6 known vulnerabilities affecting jenkins/github_pull_request_builder.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2023-24434 | HIGH | CVSS 8.8 | CWE-352 | ≤ 1.42.2 | 2023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd
CVE-2023-24435 | MEDIUM | CVSS 6.5 | CWE-862 | ≤ 1.42.2 | 2023-01-26
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd
CVE-2023-24436 | MEDIUM | CVSS 4.3 | CWE-862 | ≤ 1.42.2 | 2023-01-26
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd
CVE-2018-1000186 | MEDIUM | CVSS 6.5 | CWE-200 | ≤ 1.41.0 | 2018-06-05
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd
CVE-2018-1000142 | HIGH | CVSS 7.8 | CWE-200 | ≤ 1.39.0 | 2018-04-05
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
nvd
CVE-2018-1000143 | MEDIUM | CVSS 6.7 | CWE-200 | ≤ 1.39.0 | 2018-04-05
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
nvd