Jenkins Project Jenkins Git Plugin vulnerabilities
7 known vulnerabilities affecting jenkins_project/jenkins_git_plugin.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2022-38663MEDIUMCVSS 6.5≥ unspecified, ≤ 4.11.42022-08-23
CVE-2022-38663 [MEDIUM] CWE-522 CVE-2022-38663: Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credenti
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
cvelistv5nvd
CVE-2022-36883HIGHCVSS 7.5PoC≥ unspecified, ≤ 4.11.32022-07-27
CVE-2022-36883 [HIGH] CWE-862 CVE-2022-36883: A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
cvelistv5nvd
CVE-2022-36882HIGHCVSS 8.8≥ unspecified, ≤ 4.11.32022-07-27
CVE-2022-36882 [HIGH] CWE-352 CVE-2022-36882: A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows at
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
cvelistv5nvd
CVE-2022-36884MEDIUMCVSS 5.3≥ unspecified, ≤ 4.11.32022-07-27
CVE-2022-36884 [MEDIUM] CWE-306 CVE-2022-36884: The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers info
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
cvelistv5nvd
CVE-2022-30947HIGHCVSS 7.5≥ unspecified, ≤ 4.11.12022-05-17
CVE-2022-30947 [HIGH] CVE-2022-30947: Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
cvelistv5nvd
CVE-2021-21684MEDIUMCVSS 6.1≥ unspecified, ≤ 4.8.22021-10-06
CVE-2021-21684 [MEDIUM] CWE-116 CVE-2021-21684: Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to c
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
cvelistv5nvd
CVE-2020-2136MEDIUMCVSS 5.4≥ unspecified, ≤ 4.2.02020-03-09
CVE-2020-2136 [MEDIUM] CWE-79 CVE-2020-2136: Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Mi
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
cvelistv5nvd