VYPR

Maven package

io.jenkins.plugins/gitlab-branch-source

pkg:maven/io.jenkins.plugins/gitlab-branch-source

Vulnerabilities (3)

  • CVE-2024-23903 (Jan 24, 2024)
    affected: < 688.v5fa; fixed: 688.v5fa

    Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

  • CVE-2024-23902 (Jan 24, 2024)
    affected: < 688.v5fa; fixed: 688.v5fa

    A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2024-23901 (Jan 24, 2024)
    affected: < 688.v5fa; fixed: 688.v5fa

    Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan.