Maven package
com.coravy.hudson.plugins.github/github
pkg:maven/com.coravy.hudson.plugins.github/github
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46650 | — | | | < 1.37.3.1 | 1.37.3.1 | Oct 25, 2023 | Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-36885 | — | | | < 1.34.5 | 1.34.5 | Jul 27, 2022 | Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant-time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. |
| CVE-2018-1000600 | — | | | < 1.29.2 | 1.29.2 | Jun 26, 2018 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing creden |
| CVE-2018-1000184 | — | | | < 1.29.1 | 1.29.1 | Jun 5, 2018 | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000183 | — | | | < 1.29.1 | 1.29.1 | Jun 5, 2018 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m |