Vulnerabilities > Jenkins > GIT > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-08-23 | CVE-2022-38663 | Insufficiently Protected Credentials vulnerability in Jenkins GIT | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | network, low complexity, jenkins CWE-522, 6.5 |
| 2022-07-27 | CVE-2022-36884 | Missing Authentication for Critical Function vulnerability in Jenkins GIT | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | network, low complexity, jenkins CWE-306, 5.3 |
| 2021-10-06 | CVE-2021-21684 | Improper Encoding or Escaping of Output vulnerability in Jenkins GIT | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | network, low complexity, jenkins CWE-116, 6.1 |
| 2020-03-09 | CVE-2020-2136 | Cross-site Scripting vulnerability in Jenkins GIT | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | network, low complexity, jenkins CWE-79, 5.4 |
| 2019-02-06 | CVE-2019-1003010 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. | 4.3 |
| 2018-06-05 | CVE-2018-1000182 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | network, low complexity, jenkins CWE-918, 5.5 |
| 2018-03-13 | CVE-2018-1000110 | Incorrect Authorization vulnerability in Jenkins GIT | An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | network, low complexity, jenkins CWE-863, 5.0 |