org.jenkins-ci.plugins:git
Maven13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:gitpage 1 of 1
- CVE-2017-1000092HIGHCVSS 7.5EG 7.5✓ Fixed in 3.3.22017-10-05
vulnerable: 1.2.0 ... 3.3.1 (71 versions)
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissi…
- CVE-2018-1000110MEDIUMCVSS 5.3EG 5.3✓ Fixed in 3.8.02018-03-13
vulnerable: 1.2.0 ... 3.7.0 (86 versions)
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
- CVE-2018-1000182MEDIUMCVSS 6.4EG 6.4✓ Fixed in 3.9.12018-06-05
vulnerable: 1.2.0 ... 3.9.0 (88 versions)
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall…
- CVE-2019-1003010MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.9.22019-02-06
vulnerable: 1.2.0 ... 3.9.1 (89 versions)
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a…
- CVE-2020-2136MEDIUMCVSS 5.4EG 5.4✓ Fixed in 4.2.12020-03-09
vulnerable: 1.2.0 ... 4.2.0 (117 versions)
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
- CVE-2021-21684MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.8.32021-10-06
vulnerable: 1.2.0 ... 4.8.2 (138 versions)
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
- CVE-2022-30947HIGHCVSS 7.5EG 7.5✓ Fixed in 4.11.22022-05-17
vulnerable: 1.2.0 ... 4.9.4 (150 versions)
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other p…
- CVE-2022-30949MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.11.22022-05-17
vulnerable: 1.2.0 ... 4.9.4 (150 versions)
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other …
- CVE-2022-36882HIGHCVSS 8.8EG 8.8✓ Fixed in 4.11.42022-07-27
vulnerable: 1.2.0 ... 4.9.4 (152 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specifi…
- CVE-2022-36883HIGHCVSS 7.5EG 7.5✓ Fixed in 4.11.42022-07-27
vulnerable: 1.2.0 ... 4.9.4 (152 versions)
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified comm…
- CVE-2022-36884MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.11.42022-07-27
vulnerable: 1.2.0 ... 4.9.4 (152 versions)
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
- CVE-2022-38663MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.11.52022-08-23
vulnerable: 1.2.0 ... 4.9.4 (153 versions)
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
- CVE-2026-42523CRITICALCVSS 9.0EG 9.0✓ Fixed in 1.46.0.12026-04-29
vulnerable: 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0-beta-1
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulne…
Check whether org.jenkins-ci.plugins:git is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:git CVEs against the assets you own.
Start Free Scan →