org.jenkins-ci.plugins:git (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:git, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2026-42523 — CVSS 9.0 (critical): Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the…
CVE-2022-36882 — CVSS 8.8 (high): A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs…
CVE-2022-30947 — CVSS 7.5 (high): Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins…
CVE-2017-1000092 — CVSS 7.5 (high): Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to…
CVE-2022-36883 — CVSS 7.5 (high): A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured…
CVE-2022-38663 — CVSS 6.5 (medium): Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the…
CVE-2018-1000182 — CVSS 6.4 (medium): A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java…
CVE-2021-21684 — CVSS 6.1 (medium): Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying…
CVE-2020-2136 — CVSS 5.4 (medium): Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation…
CVE-2018-1000110 — CVSS 5.3 (medium): An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker…
CVE-2022-36884 — CVSS 5.3 (medium): The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs…
CVE-2022-30949 — CVSS 5.3 (medium): Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the…
CVE-2019-1003010 — CVSS 4.3 (medium): A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.j…