Vulnerabilities > Jenkins > Github Branch Source > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2024-01-24 | CVE-2024-23901 | Unspecified vulnerability in Jenkins Github Branch Source
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
network | low complexity | jenkins | 6.5

2024-01-24 | CVE-2024-23902 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
network | low complexity | jenkins CWE-352 | 4.3

2024-01-24 | CVE-2024-23903 | Incorrect Comparison vulnerability in Jenkins Github Branch Source
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network | low complexity | jenkins CWE-697 | 5.3

2018-06-05 | CVE-2018-1000185 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github Branch Source
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
network | low complexity | jenkins CWE-918 | 4.0

2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g.
network | jenkins CWE-352 | 6.8

2017-10-05 | CVE-2017-1000087 | Information Exposure vulnerability in Jenkins Github Branch Source
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use.
network | low complexity | jenkins CWE-200 | 4.0