Jenkins Project Jenkins Gitlab Plugin vulnerabilities

6 known vulnerabilities affecting jenkins_project/jenkins_gitlab_plugin.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2025-24397 | MEDIUM | CVSS 4.3 | ≤ 1.9.6 | 2025-01-22
CWE-863. An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins.
Sources: cvelistv5, nvd

CVE-2022-43411 | MEDIUM | CVSS 5.3 | ≥ unspecified, ≤ 1.5.35 | 2022-10-19
CWE-203. Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Sources: cvelistv5, nvd

CVE-2022-34777 | MEDIUM | CVSS 5.4 | ≥ unspecified, ≤ 1.5.34 | 2022-06-30
CWE-79. Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Sources: cvelistv5, nvd

CVE-2022-30955 | MEDIUM | CVSS 6.5 | ≥ unspecified, ≤ 1.5.31 | 2022-05-17
CWE-862. Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Sources: cvelistv5, nvd

CVE-2019-10300 | HIGH | CVSS 8.0 | v1.5.11 and earlier | 2019-04-18
CWE-352. A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Sources: cvelistv5, nvd

CVE-2019-10301 | HIGH | CVSS 8.8 | v1.5.11 and earlier | 2019-04-18
CWE-862. A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Sources: cvelistv5, nvd