NotCVE - vendor:"Git" product:"Git" version:" >= 2.47.0

Page 2 of 14 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-1003010

https://notcve.org/view.php?id=CVE-2019-1003010

06 Feb 2019 — A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. Existe una vulnerabilidad Cross-Site Request Forgery (CSRF) en Jenkins Git Plugin, en versiones 3.9.1 y anteriores, en src/main/java/hudson/plugins/git/GitTagAction.java, que permite que los atacantes creen una etiqueta Git en un espacio de trabajo y adjunte... • https://access.redhat.com/errata/RHBA-2019:0326 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1000182

https://notcve.org/view.php?id=CVE-2018-1000182

05 Jun 2018 — A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Existe una vulnerabilidad Server-Side Request Forgery en el plugin Git en versiones 3.9.0 y anteriores de Jenkins en AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryB... • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1000110

https://notcve.org/view.php?id=CVE-2018-1000110

13 Mar 2018 — An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Existe una vulnerabilidad de autorización incorrecta en el plugin Git para Jenkins, en versiones 3.7.0 y anteriores, en GitStatus.java que permite que un atacante con acceso de red obtenga una lista de nodos y usuarios. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0

CVE-2017-1000092

https://notcve.org/view.php?id=CVE-2017-1000092

04 Oct 2017 — Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server. El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la v... • http://www.securityfocus.com/bid/100435 • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2