Jenkins - Git Client CVE

Filtered by vendor Jenkins Subscribe

Filtered by product Git Client

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-36881	1 Jenkins	1 Git Client	2023-11-22	N/A	8.1 HIGH
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
CVE-2019-10392	1 Jenkins	1 Git Client	2019-10-09	6.5 MEDIUM	8.8 HIGH
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

Vulnerabilities (CVE)