Git Plugin

CVEs (2)

• CVE-2025-24397Jan 22, 2025
  Jenkins Project

  Git Plugin
  risk 0.00cvss —epss 0.01

  An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins.

• CVE-2019-1003010Feb 6, 2019
  Jenkins Project

  Git Plugin
  risk 0.00cvss —epss 0.01

  A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.