VYPR

Github Branch Source

by Jenkins Project

Source repositories

CVEs (4)

  • CVE-2017-1000091MedOct 5, 2017
    risk 0.41cvss 6.3epss 0.01

    GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access…

  • CVE-2026-57285modJun 24, 2026
    risk 0.28cvss 4.3epss 0.00

    Jenkins GitHub Branch Source Plugin: Jenkins GitHub Branch Source Plugin: Information disclosure via missing permission check

  • CVE-2026-42522MedApr 29, 2026
    risk 0.28cvss 4.3epss 0.00

    A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

  • CVE-2017-1000087MedOct 5, 2017
    risk 0.28cvss 4.3epss 0.01

    GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those…