VYPR

Github Plugin

by Jenkins Project

Source repositories

CVEs (3)

  • CVE-2023-46650 (Oct 25, 2023)
    risk 0.00 | cvss | epss 0.01

    Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-36885 (Jul 27, 2022)
    risk 0.00 | cvss | epss 0.01

    Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.

  • CVE-2019-20864 (Jun 19, 2020)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.