search

jfrog / jenkins-artifactory-plugin

Jenkins artifactory plugin
http://jenkins-ci.org/
116 stars 190 forks source link

[🐸 Frogbot] Update version of org.jenkins-ci.plugins:git to 4.8.3 #884

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago
[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://github.com/jfrog/frogbot#readme)

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | | :---------------------: | :----------------------------------: | :----------------------------------: | :-----------------------------------: | :---------------------------------: | | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png)
High | Undetermined | org.jenkins-ci.plugins:git:3.3.2 | org.jenkins-ci.plugins:git:3.3.2 | [4.8.3] |

👇 Details

Description:

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

[JFrog Frogbot](https://github.com/jfrog/frogbot#readme)