Search for packages
| purl | pkg:maven/org.jenkins-ci.plugins/git@3.9.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8575-gsc8-xkd6
Aliases: CVE-2019-1003010 GHSA-r8rw-xx57-m64q |
Cross-Site Request Forgery (CSRF) A cross-site request forgery vulnerability exists in Jenkins Git Plugin in `src/main/java/hudson/plugins/git/GitTagAction.java` allowing attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xgj6-rjgr-dqf1 | Server-Side Request Forgery (SSRF) A server-side request forgery vulnerability exists in the Jenkins Git Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
CVE-2018-1000182
GHSA-53wf-vqf9-cgf2 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:30:54.273572+00:00 | GHSA Importer | Fixing | VCID-xgj6-rjgr-dqf1 | https://github.com/advisories/GHSA-53wf-vqf9-cgf2 | 38.1.0 |
| 2026-04-04T14:30:14.971447+00:00 | GHSA Importer | Affected by | VCID-8575-gsc8-xkd6 | https://github.com/advisories/GHSA-r8rw-xx57-m64q | 38.1.0 |
| 2026-04-01T13:08:52.377165+00:00 | GithubOSV Importer | Fixing | VCID-xgj6-rjgr-dqf1 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-53wf-vqf9-cgf2/GHSA-53wf-vqf9-cgf2.json | 38.0.0 |
| 2026-04-01T12:48:17.093968+00:00 | GitLab Importer | Affected by | VCID-8575-gsc8-xkd6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/git/CVE-2019-1003010.yml | 38.0.0 |
| 2026-04-01T12:47:43.612639+00:00 | GitLab Importer | Fixing | VCID-xgj6-rjgr-dqf1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/git/CVE-2018-1000182.yml | 38.0.0 |