Vulnerabilities > Jenkins > Github Branch Source > 2.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-24 | CVE-2024-23901 | Unspecified vulnerability in Jenkins Github Branch Source Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | 6.5 |
| 2024-01-24 | CVE-2024-23902 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 |
| 2024-01-24 | CVE-2024-23903 | Incorrect Comparison vulnerability in Jenkins Github Branch Source Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |