NotCVE - vendor:"Git-scm" product:"Git" version:" >= 2.26.0

Page 4 of 32 results (0.006 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1000110

https://notcve.org/view.php?id=CVE-2018-1000110

13 Mar 2018 — An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Existe una vulnerabilidad de autorización incorrecta en el plugin Git para Jenkins, en versiones 3.7.0 y anteriores, en GitStatus.java que permite que un atacante con acceso de red obtenga una lista de nodos y usuarios. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0

CVE-2017-1000092

https://notcve.org/view.php?id=CVE-2017-1000092

04 Oct 2017 — Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server. El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la v... • http://www.securityfocus.com/bid/100435 • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4