Maven package
org.jenkins-ci.plugins/git-server
pkg:maven/org.jenkins-ci.plugins/git-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34146 | — | < 117.veb | 117.veb | May 2, 2024 | Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | ||
| CVE-2024-23899 | — | < 99.101.v720e86326c09 | 99.101.v720e86326c09 | Jan 24, 2024 | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitra |
- CVE-2024-34146May 2, 2024affected < 117.vebfixed 117.veb
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
- CVE-2024-23899Jan 24, 2024affected < 99.101.v720e86326c09fixed 99.101.v720e86326c09
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitra