io.jenkins.plugins:gitlab-branch-source
Maven | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.jenkins.plugins:gitlab-branch-source (page 1 of 1)
- CVE-2024-23901 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 688.v5fa | 2024-01-24
vulnerable: 0.0.5-alpha-2 ... 684.vea_fa_7c1e2fe3 (56 versions)
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline be…
- CVE-2024-23902 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 688.v5fa | 2024-01-24
vulnerable: 0.0.5-alpha-2 ... 684.vea_fa_7c1e2fe3 (56 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
- CVE-2024-23903 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 688.v5fa | 2024-01-24
vulnerable: 0.0.5-alpha-2 ... 684.vea_fa_7c1e2fe3 (56 versions)
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical met…