Vulnerabilities > Jenkins > Github > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46650 Cross-site Scripting vulnerability in Jenkins Github
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2022-07-27 CVE-2022-36885 Information Exposure Through Discrepancy vulnerability in Jenkins Github
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
network
low complexity
jenkins CWE-203
5.3
2018-06-26 CVE-2018-1000600 Information Exposure vulnerability in Jenkins Github
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
jenkins CWE-200
4.3
2018-06-05 CVE-2018-1000184 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
network
low complexity
jenkins CWE-918
5.5
2018-06-05 CVE-2018-1000183 Information Exposure vulnerability in Jenkins Github
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-200
4.0