Search for packages
| purl | pkg:maven/com.coravy.hudson.plugins.github/github@0.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9h4k-xjx5-afc8
Aliases: CVE-2022-36885 GHSA-mxcc-7h5m-x57r |
Jenkins GitHub plugin uses weak webhook signature function Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. GitHub Plugin 1.34.5 uses a constant-time comparison when validating the webhook signature. |
Affected by 0 other vulnerabilities. |
|
VCID-cqz5-3btv-3fbq
Aliases: CVE-2018-1000184 GHSA-gh85-mq87-r7v3 |
Server-Side Request Forgery (SSRF) A server-side request forgery vulnerability exists in the Jenkins GitHub Plugin in `GitHubPluginConfig.java` that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
Affected by 1 other vulnerability. |
|
VCID-g6yv-hh51-mfak
Aliases: CVE-2018-1000183 GHSA-v7g7-cmxx-wxw9 |
Information Exposure A vulnerability exists in the Jenkins GitHub Plugin in `GitHubServerConfig.java` that allows attackers with Overall/Read IDs obtained through another method, to capture credentials stored in Jenkins. |
Affected by 1 other vulnerability. |
|
VCID-tkye-gc3b-n3c5
Aliases: CVE-2018-1000600 GHSA-6cvm-v6qj-hjq9 |
Information Exposure A vulnerability exists in the Jenkins GitHub Plugin in `GitHubTokenCredentialsCreator.java` that allows attackers to capture credentials stored in Jenkins. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-zh7t-qc1z-6few
Aliases: CVE-2023-46650 GHSA-mv77-fj63-q5w8 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||