Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Github
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36885 1 Jenkins 1 Github 2022-08-03 N/A 5.3 MEDIUM
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
CVE-2018-1000600 1 Jenkins 1 Github 2019-10-02 4.3 MEDIUM 8.8 HIGH
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2018-1000184 1 Jenkins 1 Github 2018-07-18 5.5 MEDIUM 5.4 MEDIUM
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
CVE-2018-1000183 1 Jenkins 1 Github 2018-07-18 4.0 MEDIUM 6.5 MEDIUM
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.