org.jenkins-ci.plugins:ghprb
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:ghprb
- CVE-2018-1000142 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 1.40.0 | 2018-04-05
vulnerable: 1.0 ... 1.9 (113 versions)
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
- CVE-2018-1000143 | MEDIUM | CVSS 6.7 | EG 6.7 | ✓ Fixed in 1.32.1 | 2018-04-05
vulnerable: 1.0 ... 1.9 (92 versions)
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
- CVE-2018-1000186 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.42.0 | 2018-06-05
vulnerable: 1.0 ... 1.9 (115 versions)
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using at…
- CVE-2023-24434 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-26
vulnerable: 1.0 ... 1.9 (118 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m…
- CVE-2023-24435 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-01-26
vulnerable: 1.0 ... 1.9 (118 versions)
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through ano…
- CVE-2023-24436 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-01-26
vulnerable: 1.0 ... 1.9 (118 versions)
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.