Jenkins Project Jenkins Git Client Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_git_client_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-67640MEDIUMCVSS 5.0≤ 6.4.02025-12-10
CVE-2025-67640 [MEDIUM] CWE-78 CVE-2025-67640: Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.
cvelistv5nvd
CVE-2022-36881HIGHCVSS 8.1≥ unspecified, ≤ 3.11.02022-07-27
CVE-2022-36881 [HIGH] CWE-295 CVE-2022-36881: Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connect
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
cvelistv5nvd
CVE-2019-10392HIGHCVSS 8.8v2.8.4 and earlier, 3.0.0-rc2019-09-12
CVE-2019-10392 [HIGH] CWE-78 CVE-2019-10392: Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
cvelistv5nvd