Jenkins GitLab Plugin


By the Year

So far in 2023 no security vulnerabilities have been published for the Jenkins GitLab Plugin. In 2022, 3 were published. At the current rate the plugin is on track to have fewer published vulnerabilities in 2023 than it did in 2022.

Year   Vulnerabilities   Average CVSS Score
2023   0                 0.00
2022   3                 5.73
2021   0                 0.00
2020   0                 0.00
2019   2                 8.40
2018   0                 0.00

It may take a day or so for new Jenkins GitLab Plugin vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name (for example under GitLab itself rather than the Jenkins plugin).

Recent Jenkins Gitlab Security Vulnerabilities

CVE-2022-43411 5.3 - Medium - October 19, 2022

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Side Channel Attack
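The vulnerable and hardened comparison patterns behind CVE-2022-43411, as an added example. This is not the GitLab Plugin's own code and the plugin's actual fix is not shown on this page; the class and method names are hypothetical, and the hardened form uses the JDK's MessageDigest.isEqual, which does not stop at the first differing byte.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/**
 * Added example (not code from the GitLab Plugin): comparing the webhook
 * token supplied in an incoming request with the token configured in Jenkins.
 */
public final class WebhookTokenCheck {

    private WebhookTokenCheck() {}

    /**
     * Vulnerable pattern: String.equals() returns as soon as it finds a
     * differing character, so the time the check takes grows with the number
     * of leading characters the attacker has already guessed correctly.
     * Averaged over many requests, that is the statistical signal the
     * advisory refers to.
     */
    public static boolean equalsNonConstantTime(String expected, String provided) {
        return expected.equals(provided);
    }

    /**
     * Hardened pattern: MessageDigest.isEqual() examines every byte before
     * deciding, so the elapsed time does not depend on where the first
     * mismatch is. Depending on JDK version a length mismatch may still be
     * rejected early, which reveals only the token length, not its content.
     */
    public static boolean equalsConstantTime(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                provided.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * The same idea written out by hand, to show why it is constant time:
     * OR every byte difference into an accumulator and look at it only at
     * the end, so there is no data-dependent early exit inside the loop.
     */
    public static boolean equalsConstantTimeManual(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample token; any string the webhook is configured with would do.
        String expected = "s3cr3t-webhook-token";
        System.out.println(equalsConstantTime(expected, "s3cr3t-webhook-token"));
        System.out.println(equalsConstantTime(expected, "s3cr3t-webhook-tokeX"));
        System.out.println(equalsConstantTimeManual(
                "abc".getBytes(StandardCharsets.UTF_8),
                "abd".getBytes(StandardCharsets.UTF_8)));
    }
}
```

The comparison is only one part of the defence: a webhook token should also be long and random enough that even a leak-free guess-by-guess search is infeasible, and a comparison should run on bytes of the same length so that the length branch is the only thing an attacker can learn.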

CVE-2022-34777 5.4 - Medium - June 30, 2022

Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
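The unescaped and escaped ways of assembling a build description from webhook payload fields, as an added example of the CVE-2022-34777 class of bug. This is not the GitLab Plugin's own code: the payload field names, the HTML layout of the description and the class name are hypothetical, and a local escaper stands in for Jenkins core's hudson.Util.escape so the class compiles without Jenkins on the classpath.

```java
import java.util.Locale;

/**
 * Added example (not code from the GitLab Plugin): building a build
 * description from merge-request fields taken from a webhook payload.
 */
public final class WebhookDescription {

    private WebhookDescription() {}

    /** Vulnerable pattern: payload fields are concatenated into HTML verbatim. */
    public static String describeUnsafe(String mrUrl, String mrTitle, String sourceBranch) {
        return "<a href=\"" + mrUrl + "\">" + mrTitle + "</a> from " + sourceBranch;
    }

    /**
     * Hardened pattern: each field is escaped for the context it lands in.
     * Text nodes and the double-quoted attribute both get entity escaping;
     * the href additionally has its scheme restricted, since an escaped
     * "javascript:" URL is still a javascript: URL once the browser follows it.
     */
    public static String describeEscaped(String mrUrl, String mrTitle, String sourceBranch) {
        String href = isHttpUrl(mrUrl) ? escapeHtml(mrUrl) : "#";
        return "<a href=\"" + href + "\">" + escapeHtml(mrTitle)
                + "</a> from " + escapeHtml(sourceBranch);
    }

    static boolean isHttpUrl(String url) {
        if (url == null) {
            return false;
        }
        String s = url.trim().toLowerCase(Locale.ROOT);
        return s.startsWith("http://") || s.startsWith("https://");
    }

    /** Escapes the five characters that matter in HTML text and double-quoted attributes. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample payload, as someone who controls the merge request could send it.
        String title = "Fix build <img src=x onerror=alert(document.cookie)>";
        String branch = "feature/\"><script>alert(1)</script>";
        String url = "javascript:alert(1)";

        System.out.println("unsafe:  " + describeUnsafe(url, title, branch));
        System.out.println("escaped: " + describeEscaped(url, title, branch));
    }
}
```

Whether a description like this is rendered as HTML at all depends on the markup formatter configured in Jenkins; escaping at the point where untrusted data is inserted is the fix that does not depend on that global setting.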

CVE-2022-30955 6.5 - Medium - May 17, 2022

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AuthZ

CVE-2019-10300 8.0 - High - April 18, 2019

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Session Riding

CVE-2019-10301 8.8 - High - April 18, 2019

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

AuthZ
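A global-configuration descriptor with both endpoint types the advisories above concern, as one added example: a credentials drop-down filler that would expose credential IDs without its permission check (CVE-2022-30955), and a connection test that sends a stored secret to a caller-chosen URL and therefore needs both a CSRF gate and a permission check (CVE-2019-10300 and CVE-2019-10301). This is not the GitLab Plugin's own code. The class and method names, the API token credential type and the GitLab endpoint probed are assumptions; the Jenkins, Stapler, credentials-plugin and plain-credentials-plugin calls are real APIs.

```java
import hudson.Extension;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

import java.net.HttpURLConnection;
import java.net.URL;

/**
 * Added example, not the GitLab Plugin's own code. Hypothetical global
 * configuration holding a GitLab connection, showing the checks a
 * descriptor's form-validation endpoints need.
 */
@Extension
public class ExampleGitLabConnectionConfig extends GlobalConfiguration {

    /**
     * Credentials drop-down filler (the CVE-2022-30955 pattern). Stapler
     * serves this to anyone who can reach the URL, so without the permission
     * check a user with only Overall/Read could enumerate every matching
     * credential ID. A caller who may not see the list gets only the value
     * already selected, so the form still renders.
     */
    public ListBoxModel doFillCredentialsIdItems(@QueryParameter String url,
                                                 @QueryParameter String credentialsId) {
        StandardListBoxModel model = new StandardListBoxModel();
        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
            return model.includeCurrentValue(credentialsId);
        }
        return model
                .includeEmptyValue()
                .includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StringCredentials.class,
                        URIRequirementBuilder.fromUri(url).build(),
                        CredentialsMatchers.always())
                .includeCurrentValue(credentialsId);
    }

    /**
     * Connection test (the CVE-2019-10300/10301 pattern). It sends a stored
     * secret to a caller-supplied URL, so it must not be reachable by GET
     * (@RequirePOST makes Jenkins enforce its CSRF crumb, closing the
     * session-riding route) and must not be reachable by a non-administrator
     * (checkPermission throws an AccessDeniedException otherwise).
     */
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String url,
                                           @QueryParameter String credentialsId) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (url == null || url.trim().isEmpty()) {
            return FormValidation.error("GitLab host URL is required");
        }
        StringCredentials token = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(StringCredentials.class, Jenkins.get(),
                        ACL.SYSTEM, URIRequirementBuilder.fromUri(url).build()),
                CredentialsMatchers.withId(credentialsId));
        if (token == null) {
            return FormValidation.error("No API token credential with ID " + credentialsId);
        }
        try {
            // GitLab's /api/v4/version answers 200 only to an authenticated token (assumption
            // about the probe; the point of the example is the two gates above it).
            HttpURLConnection conn = (HttpURLConnection)
                    new URL(url.replaceAll("/+$", "") + "/api/v4/version").openConnection();
            conn.setRequestProperty("PRIVATE-TOKEN", token.getSecret().getPlainText());
            conn.setConnectTimeout(5_000);
            conn.setReadTimeout(5_000);
            int status = conn.getResponseCode();
            return status == 200
                    ? FormValidation.ok("Success")
                    : FormValidation.error("GitLab returned HTTP " + status);
        } catch (Exception e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```

The two gates are independent and both are needed: the permission check alone still lets an administrator's browser be driven to a GET URL by a third-party page (the CSRF case), and @RequirePOST alone still lets any logged-in reader post the request themselves (the missing-permission case). For a descriptor on a job rather than in global configuration, the check would be against Item.CONFIGURE on that job instead of Jenkins.ADMINISTER.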

Vendor: Jenkins