Jenkins Github Branch Source

By the Year

In 2026 there have been 0 vulnerabilities in Jenkins Github Branch Source. Github Branch Source did not have any published security vulnerabilities last year.

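| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 3 | 5.37 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 4.30 |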

It may take a day or so for new Github Branch Source vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Github Branch Source Security Vulnerabilities

Jenkins GitLab Branch Source Plugin nonconstant time token comparison
CVE-2024-23903 5.3 - Medium - January 24, 2024

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Incorrect Comparison

Jenkins GitLab Branch Source Plugin CSRF Allowing Remote Connection
CVE-2024-23902 4.3 - Medium - January 24, 2024

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.

Session Riding

Jenkins GitLab Branch Src Plugin: Shared Project Disclosure via Owner Group
CVE-2024-23901 6.5 - Medium - January 24, 2024

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java
CVE-2018-1000185 4.3 - Medium - June 05, 2018

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

SSRF
