Vulnerabilities > Jenkins > GIT Client

DATE CVE VULNERABILITY TITLE RISK
2022-07-27 CVE-2022-36881 Improper Certificate Validation vulnerability in Jenkins GIT Client
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
network
high complexity
jenkins CWE-295
8.1
2019-09-12 CVE-2019-10392 OS Command Injection vulnerability in Jenkins GIT Client
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
network
low complexity
jenkins CWE-78
8.8
2017-11-01 CVE-2017-1000242 Information Exposure vulnerability in Jenkins GIT Client
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure
local
low complexity
jenkins CWE-200
3.3