Search for packages
| purl | pkg:maven/org.jenkins-ci.plugins/github-branch-source@2.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a1y1-cecp-cbbd
Aliases: CVE-2017-1000087 |
Information Exposure GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with `Overall/Read` permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-ee1e-58sz-5bak
Aliases: CVE-2017-1000091 |
Cross-Site Request Forgery (CSRF) GitHub Branch Source Plugin connects to a user-specified GitHub API URL as part of form validation and completion. This functionality improperly checked permissions, allowing any user with `Overall/Read` access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:37:10.383442+00:00 | GitLab Importer | Affected by | VCID-ee1e-58sz-5bak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/github-branch-source/CVE-2017-1000091.yml | 38.6.0 |
| 2026-06-02T04:37:09.713709+00:00 | GitLab Importer | Affected by | VCID-a1y1-cecp-cbbd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/github-branch-source/CVE-2017-1000087.yml | 38.6.0 |