Open mend-bolt-for-github[bot] opened 2 years ago
Integrates Jenkins with Git SCM
Library home page: https://github.com/jenkinsci/git-plugin/tree/git-4.2.1/README.adoc
Path to dependency file: /pom.xml
Path to vulnerable library: /-ci/plugins/git/4.2.1/git-4.2.1.jar
Dependency Hierarchy: - :x: **git-4.2.1.jar** (Vulnerable Library)
Found in HEAD commit: 97ed2b7fe477b78f0b26191e5950825314db7b2c
Found in base branch: master
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
Publish Date: 2022-07-27
URL: CVE-2022-36882
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284
Release Date: 2022-07-27
Fix Resolution: org.jenkins-ci.plugins:git:4.11.4
Step up your Open Source Security Game with Mend here
CVE-2022-36882 - High Severity Vulnerability
Integrates Jenkins with Git SCM
Library home page: https://github.com/jenkinsci/git-plugin/tree/git-4.2.1/README.adoc
Path to dependency file: /pom.xml
Path to vulnerable library: /-ci/plugins/git/4.2.1/git-4.2.1.jar
Dependency Hierarchy: - :x: **git-4.2.1.jar** (Vulnerable Library)
Found in HEAD commit: 97ed2b7fe477b78f0b26191e5950825314db7b2c
Found in base branch: master
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
Publish Date: 2022-07-27
URL: CVE-2022-36882
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284
Release Date: 2022-07-27
Fix Resolution: org.jenkins-ci.plugins:git:4.11.4
Step up your Open Source Security Game with Mend here