VYPR

Maven package

org.jenkins-ci.plugins/github-oauth

pkg:maven/org.jenkins-ci.plugins/github-oauth

Vulnerabilities (3)

  • CVE-2019-10315, Apr 30, 2019
    affected < 0.32, fixed 0.32

    Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.

  • CVE-2019-1003019, Feb 6, 2019
    affected < 0.31, fixed 0.31

    A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

  • CVE-2019-1003018, Feb 6, 2019
    affected < 0.31, fixed 0.31

    An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension