Vulnerabilities related to jenkins - github_branch_source (note: CVE-2024-23901, CVE-2024-23902 and CVE-2024-23903 below concern the Jenkins GitLab Branch Source Plugin, not the GitHub Branch Source Plugin)
CVE-2024-23901 (GCVE-0-2024-23901)
Vulnerability from cvelistv5
Published
2024-01-24 17:52
Modified
2025-05-30 14:16
Summary
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2024-01-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-09T23:30:52.794609Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T14:16:37.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jenkins GitLab Branch Source Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThanOrEqual": "684.vea_fa_7c1e2fe3",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T17:55:11.222Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2024-01-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2024-23901",
    "datePublished": "2024-01-24T17:52:25.415Z",
    "dateReserved": "2024-01-23T12:46:51.264Z",
    "dateUpdated": "2025-05-30T14:16:37.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000087 (GCVE-0-2017-1000087)
Vulnerability from cvelistv5
Published
2017-10-04 01:00
Modified
2024-08-05 21:53
CWE
  • n/a
Summary
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
References
https://jenkins.io/security/advisory/2017-07-10/ (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2017-07-10/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they\u0027d like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-04T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2017-07-10/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.309464",
          "ID": "CVE-2017-1000087",
          "REQUESTER": "ml@beckweb.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they\u0027d like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2017-07-10/",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2017-07-10/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000087",
    "datePublished": "2017-10-04T01:00:00",
    "dateReserved": "2017-07-13T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23902 (GCVE-0-2024-23902)
Vulnerability from cvelistv5
Published
2024-01-24 17:52
Modified
2025-05-30 14:16
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2024-01-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T17:35:08.959168Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T14:16:31.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jenkins GitLab Branch Source Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThanOrEqual": "684.vea_fa_7c1e2fe3",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T17:55:12.254Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2024-01-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2024-23902",
    "datePublished": "2024-01-24T17:52:26.044Z",
    "dateReserved": "2024-01-23T12:46:51.264Z",
    "dateUpdated": "2025-05-30T14:16:31.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000091 (GCVE-0-2017-1000091)
Vulnerability from cvelistv5
Published
2017-10-04 01:00
Modified
2024-08-05 21:53
CWE
  • n/a
Summary
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
References
https://jenkins.io/security/advisory/2017-07-10/ (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2017-07-10/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-04T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2017-07-10/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.311579",
          "ID": "CVE-2017-1000091",
          "REQUESTER": "ml@beckweb.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2017-07-10/",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2017-07-10/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000091",
    "datePublished": "2017-10-04T01:00:00",
    "dateReserved": "2017-07-13T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000185 (GCVE-0-2018-1000185)
Vulnerability from cvelistv5
Published
2018-06-05 20:00
Modified
2024-09-16 22:14
CWE
  • n/a
Summary
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:46.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-05T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-06-05T12:46:01.941970",
          "DATE_REQUESTED": "2018-06-05T00:00:00",
          "ID": "CVE-2018-1000185",
          "REQUESTER": "ml@beckweb.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000185",
    "datePublished": "2018-06-05T20:00:00Z",
    "dateReserved": "2018-06-05T00:00:00Z",
    "dateUpdated": "2024-09-16T22:14:09.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23903 (GCVE-0-2024-23903)
Vulnerability from cvelistv5
Published
2024-01-24 17:52
Modified
2025-02-13 17:39
Summary
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2024-01-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:13:30.696236Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-697",
                "description": "CWE-697 Incorrect Comparison",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:14:13.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jenkins GitLab Branch Source Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThanOrEqual": "684.vea_fa_7c1e2fe3",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T17:55:13.322Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2024-01-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2024-23903",
    "datePublished": "2024-01-24T17:52:26.696Z",
    "dateReserved": "2024-01-23T12:46:51.265Z",
    "dateUpdated": "2025-02-13T17:39:59.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-10-05 01:29
Modified
2025-04-20 01:37
Summary
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A511F648-0D88-4D1F-9EA1-851C066EA9BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B6096BE5-B2AA-4DB5-AF31-D137C562CC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F7508088-0FCC-47B5-9562-60F929B45088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D7A04FB1-3555-47BF-844A-75714A2B8A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6FF29165-A7E7-4338-A805-95F9D35C82EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F5E10E7C-A96E-4D72-901A-A975C5C74933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2F4EC898-A3AD-4749-80D0-3D8B4E0A62A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "55DD8799-3D69-46C3-BAEF-3AE8253A48D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3D30BBA5-114F-4222-9C1C-2452D47E1263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.4:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "EABBCDC8-187C-4E98-A54F-E408BEA40D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5AF85B9C-00AC-4C01-8979-DF1EE693BA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E37CFC39-1337-42C1-A9E8-D3D1DC2885BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "31AE1E2F-64E9-4A1D-A9CB-F4C314B0AB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "403B2716-91C6-407A-8670-F848D34D0DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.8.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7CBFB929-A823-4681-A59D-0B8F4961D78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.9:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7E263793-F71F-4DCD-8C3D-5197D90F1C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.10:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "61E15CCA-CCCB-4FEB-AED2-D412A69FEEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F4C6C0E5-20E9-4864-A6C1-53656F2852DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2418A083-456F-457B-A77E-4D1C824E36D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "26CDE908-A6A1-4AB1-98C0-0C0E4A5980E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AD5E5DF9-9C36-4694-8BF9-BD0414AA94B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0DC703A2-C0AD-404B-B396-6584B585F9DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1EB3064E-F4A0-47CF-9AC1-5718B01429BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BC77DA15-8BCE-4FB2-8167-ADFA9A3F2198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E2B6D674-9F05-4294-B84D-0181460DDB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-5:*:*:*:jenkins:*:*",
              "matchCriteriaId": "42B72E35-5768-4BE1-A758-D2C7D8251C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-6:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D357735D-58BB-42C8-A8DA-0F3970BC4A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5F904453-6C74-43DE-A21F-E0F3C060EA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "64374558-36DA-4841-8B20-2DD3188BD1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "32C595AA-EE76-4446-BD6B-576ED2EDE5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.4:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "ECDB4CDE-7547-49E9-9DF7-F3DAEDB0FF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "016AC1F5-FC7E-4D94-B13B-B375E3483F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3A3A960B-EA82-4EEC-A6B8-02D1246534CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C0782CF8-414A-4061-AAEC-20166C658A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BF2EF3DA-DBBE-458E-ACFC-2A330A3915A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1B7FD58E-9959-4C40-9846-57ED0CA9A36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "299AE4BC-BD79-4629-9C47-6B517482FBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E4F9BF9F-197C-4027-81D5-8E9A7F92ED79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "69C82FCF-CEF6-4CE7-868F-C8E2F181A034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery."
    },
    {
      "lang": "es",
      "value": "El plugin GitHub Branch Source conecta con una URL de una API de GitHub especificada por el usuario (por ejemplo, GitHub Enterprise) como parte de la validaci\u00f3n y finalizaci\u00f3n del formulario (por ejemplo, para verificar que las Scan Credentials son correctas). La herramienta no comprueba correctamente los permisos, lo que permite que cualquier usuario con acceso Overall/Read a Jenkins se conecte a cualquier servidor web y env\u00ede credenciales con un ID conocido, pudiendo capturarlos en consecuencia. Adem\u00e1s, esta funcionalidad no necesita utilizar peticiones POST, permitiendo que se realice lo anterior sin tener acceso directo a Jenkins mediante ataques de tipo Cross-Site Request Forgery (CSRF)."
    }
  ],
  "id": "CVE-2017-1000091",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-05T01:29:03.743",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-24 18:15
Modified
2024-11-21 08:58
Summary
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal. Because the comparison returns early on the first mismatched byte, response-time differences can leak how much of a guessed token is correct, potentially allowing an unauthenticated attacker (CVSS PR:N) to recover a valid webhook token through repeated timing measurements rather than brute force.
Impacted products
Vendor Product Version
jenkins github_branch_source * (per the CPE match below: all versions up to and including 684.vea_fa_7c1e2fe3)
Note: the description names the GitLab Branch Source Plugin, but the CPE configuration lists the github_branch_source product. Confirm which plugin is actually affected against the linked Jenkins advisory (SECURITY-2871) before acting on a CPE-based match.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4",
              "versionEndIncluding": "684.vea_fa_7c1e2fe3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
    },
    {
      "lang": "es",
      "value": "El complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y versiones anteriores utiliza una funci\u00f3n de comparaci\u00f3n de tiempo no constante al verificar si el token de webhook proporcionado y el esperado son iguales, lo que potencialmente permite a los atacantes usar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido."
    }
  ],
  "id": "CVE-2024-23903",
  "lastModified": "2024-11-21T08:58:40.513",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-24T18:15:09.653",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-697"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-697"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-24 18:15
Modified
2025-05-30 15:15
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to make the Jenkins controller connect to an attacker-specified URL. As a CSRF issue (CWE-352, CVSS UI:R), exploitation requires luring a logged-in Jenkins user into sending a crafted request; the outbound connection is then made by the Jenkins instance itself.
Impacted products
Vendor Product Version
jenkins github_branch_source * (per the CPE match below: all versions up to and including 684.vea_fa_7c1e2fe3)
Note: the description names the GitLab Branch Source Plugin, but the CPE configuration lists the github_branch_source product. Confirm which plugin is actually affected against the linked Jenkins advisory (SECURITY-3251) before acting on a CPE-based match.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4",
              "versionEndIncluding": "684.vea_fa_7c1e2fe3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross-site request forgery (CSRF) en el complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y versiones anteriores permite a los atacantes conectarse a una URL especificada por el atacante."
    }
  ],
  "id": "CVE-2024-23902",
  "lastModified": "2025-05-30T15:15:39.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-24T18:15:09.610",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-24 18:15
Modified
2025-05-30 15:15
Summary
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
Impacted products
Vendor Product Version
jenkins github_branch_source * (per the CPE match below: all versions up to and including 684.vea_fa_7c1e2fe3)
Note: the description names the GitLab Branch Source Plugin, but the CPE configuration lists the github_branch_source product. Confirm which plugin is actually affected against the linked Jenkins advisory (SECURITY-3040) before acting on a CPE-based match.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3240CAB2-53E9-49EA-8EEF-0FBD0ADFFFF4",
              "versionEndIncluding": "684.vea_fa_7c1e2fe3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group."
    },
    {
      "lang": "es",
      "value": "El complemento Jenkins GitLab Branch Source 684.vea_fa_7c1e2fe3 y anteriores descubre incondicionalmente proyectos que se comparten con el grupo propietario configurado, lo que permite a los atacantes configurar y compartir un proyecto, lo que da como resultado que Jenkins cree una canalizaci\u00f3n manipulada durante el siguiente an\u00e1lisis del grupo."
    }
  ],
  "id": "CVE-2024-23901",
  "lastModified": "2025-05-30T15:15:39.480",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-24T18:15:09.563",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-05 01:29
Modified
2025-04-20 01:37
Summary
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to obtain a list of valid credential IDs. On its own this only discloses identifiers, but those IDs are the missing ingredient for an attack that captures the credentials themselves through another vulnerability — for example the unauthorized form-validation connection described in CVE-2017-1000091 on this page, which sends credentials with a known ID to an attacker-controlled server.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "271BAC96-05B7-402C-B7BF-46837F2D408C",
              "versionEndIncluding": "2.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A511F648-0D88-4D1F-9EA1-851C066EA9BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B6096BE5-B2AA-4DB5-AF31-D137C562CC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F7508088-0FCC-47B5-9562-60F929B45088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:0.1:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D7A04FB1-3555-47BF-844A-75714A2B8A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6FF29165-A7E7-4338-A805-95F9D35C82EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F5E10E7C-A96E-4D72-901A-A975C5C74933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2F4EC898-A3AD-4749-80D0-3D8B4E0A62A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "55DD8799-3D69-46C3-BAEF-3AE8253A48D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3D30BBA5-114F-4222-9C1C-2452D47E1263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.4:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "EABBCDC8-187C-4E98-A54F-E408BEA40D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5AF85B9C-00AC-4C01-8979-DF1EE693BA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E37CFC39-1337-42C1-A9E8-D3D1DC2885BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "31AE1E2F-64E9-4A1D-A9CB-F4C314B0AB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "403B2716-91C6-407A-8670-F848D34D0DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.8.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7CBFB929-A823-4681-A59D-0B8F4961D78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.9:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7E263793-F71F-4DCD-8C3D-5197D90F1C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:1.10:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "61E15CCA-CCCB-4FEB-AED2-D412A69FEEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F4C6C0E5-20E9-4864-A6C1-53656F2852DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2418A083-456F-457B-A77E-4D1C824E36D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "26CDE908-A6A1-4AB1-98C0-0C0E4A5980E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AD5E5DF9-9C36-4694-8BF9-BD0414AA94B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0DC703A2-C0AD-404B-B396-6584B585F9DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1EB3064E-F4A0-47CF-9AC1-5718B01429BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BC77DA15-8BCE-4FB2-8167-ADFA9A3F2198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E2B6D674-9F05-4294-B84D-0181460DDB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-5:*:*:*:jenkins:*:*",
              "matchCriteriaId": "42B72E35-5768-4BE1-A758-D2C7D8251C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.1:beta-6:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D357735D-58BB-42C8-A8DA-0F3970BC4A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5F904453-6C74-43DE-A21F-E0F3C060EA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "64374558-36DA-4841-8B20-2DD3188BD1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "32C595AA-EE76-4446-BD6B-576ED2EDE5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.4:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "ECDB4CDE-7547-49E9-9DF7-F3DAEDB0FF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "016AC1F5-FC7E-4D94-B13B-B375E3483F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.0.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3A3A960B-EA82-4EEC-A6B8-02D1246534CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B8E5ABB1-986C-4D8C-835D-56BDB3F46179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BF2EF3DA-DBBE-458E-ACFC-2A330A3915A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1B7FD58E-9959-4C40-9846-57ED0CA9A36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "299AE4BC-BD79-4629-9C47-6B517482FBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:alpha-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E4F9BF9F-197C-4027-81D5-8E9A7F92ED79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:2.2.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "69C82FCF-CEF6-4CE7-868F-C8E2F181A034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they\u0027d like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as part of an attack to capture the credentials using another vulnerability."
    },
    {
      "lang": "es",
      "value": "GitHub Branch Source proporciona una lista de ID de credenciales aplicables para permitir a los usuarios configurar una tarea para que escojan la que les apetezca utilizar. Esta funcionalidad no chequea permisos, lo que permite que cualquier usuario con permiso Overall/Read obtenga una lista de ID de credenciales v\u00e1lidos. Se podr\u00edan utilizar como parte de un ataque para capturar las credenciales utilizando otra vulnerabilidad."
    }
  ],
  "id": "CVE-2017-1000087",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-05T01:29:03.603",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-05 20:29
Modified
2024-11-21 03:39
Summary
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Impacted products
Vendor Product Version
jenkins github_branch_source *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "EAD57ABE-319C-452A-8552-7D507A6BD9B5",
              "versionEndIncluding": "2.3.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad Server-Side Request Forgery en el plugin GitHub Branch Source en versiones 2.3.4 y anteriores de Jenkins en Endpoint.java que permite que los atacantes con acceso Overall/Read provoquen que Jenkins env\u00ede una petici\u00f3n GET a un URL espec\u00edfico."
    }
  ],
  "id": "CVE-2018-1000185",
  "lastModified": "2024-11-21T03:39:52.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-05T20:29:00.513",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}