Vulnerabilities > Jenkins > Github Branch Source > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-24 | CVE-2024-23901 | Unspecified vulnerability in Jenkins Github Branch Source Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | 6.5 |
| 2024-01-24 | CVE-2024-23902 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 |
| 2024-01-24 | CVE-2024-23903 | Incorrect Comparison vulnerability in Jenkins Github Branch Source Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2018-06-05 | CVE-2018-1000185 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 4.3 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | 6.3 |
| 2017-10-05 | CVE-2017-1000087 | Information Exposure vulnerability in Jenkins Github Branch Source GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. | 4.3 |