In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attac
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Buil
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form valida
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.re
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bui
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without che
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacke
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciou
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function f
Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credent
In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitra
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol all
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, p
Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the
Page 1+ Next →