Jenkins Git 3.4.1 for Jenkins

CPE Details

Jenkins Git 3.4.1 for Jenkins
jenkins
git
3.4.1
2017-10-17
15h00 +00:00
2017-10-17
15h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jenkins:git:3.4.1:*:*:*:*:jenkins:*:*

Informations

Vendor

jenkins

Product

git

Version

3.4.1

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-38663 2022-08-23 14h45 +00:00 Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
6.5
Medium
CVE-2022-36884 2022-07-27 12h21 +00:00 The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
5.3
Medium
CVE-2022-36883 2022-07-27 12h21 +00:00 A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
7.5
High
CVE-2022-36882 2022-07-27 12h20 +00:00 A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
8.8
High
CVE-2022-30947 2022-05-17 12h06 +00:00 Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
7.5
High
CVE-2021-21684 2021-10-06 20h10 +00:00 Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
6.1
Medium
CVE-2020-2136 2020-03-09 14h00 +00:00 Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
5.4
Medium
CVE-2019-1003010 2019-02-06 15h00 +00:00 A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
4.3
Medium
CVE-2018-1000182 2018-06-05 20h00 +00:00 A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
6.4
Medium
CVE-2018-1000110 2018-03-13 13h00 +00:00 An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
5.3
Medium