Vulnerability Database

289,782

Total vulnerabilities in the database

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
jenkins / git 3.3.1 3.3.1.x
jenkins / git 0.1.0 0.1.0.x
jenkins / git 0.2.0 0.2.0.x
jenkins / git 0.3.0 0.3.0.x
jenkins / git 0.4.0 0.4.0.x
jenkins / git 0.5.0 0.5.0.x
jenkins / git 0.6.0 0.6.0.x
jenkins / git 0.7.0 0.7.0.x
jenkins / git 0.7.1 0.7.1.x
jenkins / git 0.7.2 0.7.2.x
jenkins / git 0.7.3 0.7.3.x
jenkins / git 0.8.0 0.8.0.x
jenkins / git 0.8.1 0.8.1.x
jenkins / git 0.8.2 0.8.2.x
jenkins / git 0.9.0 0.9.0.x
jenkins / git 0.9.1 0.9.1.x
jenkins / git 0.9.2 0.9.2.x
jenkins / git 1.0.0 1.0.0.x
jenkins / git 1.0.1 1.0.1.x
jenkins / git 1.1.0 1.1.0.x
jenkins / git 1.1.1 1.1.1.x
jenkins / git 1.1.2 1.1.2.x
jenkins / git 1.1.3 1.1.3.x
jenkins / git 1.1.4 1.1.4.x
jenkins / git 1.1.5 1.1.5.x
jenkins / git 1.1.6 1.1.6.x
jenkins / git 1.1.7 1.1.7.x
jenkins / git 1.1.8 1.1.8.x
jenkins / git 1.1.9 1.1.9.x
jenkins / git 1.1.10 1.1.10.x
jenkins / git 1.1.11 1.1.11.x
jenkins / git 1.1.12 1.1.12.x
jenkins / git 1.1.13 1.1.13.x
jenkins / git 1.1.14 1.1.14.x
jenkins / git 1.1.15 1.1.15.x
jenkins / git 1.1.16 1.1.16.x
jenkins / git 1.1.17 1.1.17.x
jenkins / git 1.1.18 1.1.18.x
jenkins / git 1.1.19 1.1.19.x
jenkins / git 1.1.20 1.1.20.x
jenkins / git 1.1.21 1.1.21.x
jenkins / git 1.1.22 1.1.22.x
jenkins / git 1.1.23 1.1.23.x
jenkins / git 1.1.24 1.1.24.x
jenkins / git 1.1.25 1.1.25.x
jenkins / git 1.1.26 1.1.26.x
jenkins / git 1.1.27 1.1.27.x
jenkins / git 1.1.28 1.1.28.x
jenkins / git 1.1.29 1.1.29.x
jenkins / git 1.2.0 1.2.0.x
jenkins / git 1.3.0 1.3.0.x
jenkins / git 1.4.0 1.4.0.x
jenkins / git 1.5.0 1.5.0.x
jenkins / git 1.6.0-beta-1 1.6.0-beta-1.x
jenkins / git 2.0.0 2.0.0.x
jenkins / git 2.0.0-alpha-1 2.0.0-alpha-1.x
jenkins / git 2.0.0-alpha-2 2.0.0-alpha-2.x
jenkins / git 2.0.0-beta-2 2.0.0-beta-2.x
jenkins / git 2.0.0-beta-3 2.0.0-beta-3.x
jenkins / git 2.0.1 2.0.1.x
jenkins / git 2.0.2 2.0.2.x
jenkins / git 2.0.3 2.0.3.x
jenkins / git 2.0.4 2.0.4.x
jenkins / git 2.1.0 2.1.0.x
jenkins / git 2.2.0 2.2.0.x
jenkins / git 2.2.1 2.2.1.x
jenkins / git 2.2.2 2.2.2.x
jenkins / git 2.2.3 2.2.3.x
jenkins / git 2.2.4 2.2.4.x
jenkins / git 2.2.5 2.2.5.x
jenkins / git 2.2.6 2.2.6.x
jenkins / git 2.2.7 2.2.7.x
jenkins / git 2.2.8 2.2.8.x
jenkins / git 2.2.9 2.2.9.x
jenkins / git 2.2.10 2.2.10.x
jenkins / git 2.2.11 2.2.11.x
jenkins / git 2.2.12 2.2.12.x
jenkins / git 2.3.0 2.3.0.x
jenkins / git 2.3.0-beta-1 2.3.0-beta-1.x
jenkins / git 2.3.0-beta-2 2.3.0-beta-2.x
jenkins / git 2.3.0-beta-3 2.3.0-beta-3.x
jenkins / git 2.3.0-beta-4 2.3.0-beta-4.x
jenkins / git 2.3.1 2.3.1.x
jenkins / git 2.3.2 2.3.2.x
jenkins / git 2.3.3 2.3.3.x
jenkins / git 2.3.4 2.3.4.x
jenkins / git 2.3.5 2.3.5.x
jenkins / git 2.4.0 2.4.0.x
jenkins / git 2.4.1 2.4.1.x
jenkins / git 2.4.2 2.4.2.x
jenkins / git 2.4.3 2.4.3.x
jenkins / git 2.4.4 2.4.4.x
jenkins / git 2.5.0 2.5.0.x
jenkins / git 2.5.0-beta-1 2.5.0-beta-1.x
jenkins / git 2.5.0-beta-2 2.5.0-beta-2.x
jenkins / git 2.5.0-beta-3 2.5.0-beta-3.x
jenkins / git 2.5.0-beta-4 2.5.0-beta-4.x
jenkins / git 2.5.0-beta-5 2.5.0-beta-5.x
jenkins / git 2.5.1 2.5.1.x
jenkins / git 2.5.2 2.5.2.x
jenkins / git 2.5.3 2.5.3.x
jenkins / git 2.6.0 2.6.0.x
jenkins / git 2.6.1 2.6.1.x
jenkins / git 2.6.2 2.6.2.x
jenkins / git 2.6.2-beta-1 2.6.2-beta-1.x
jenkins / git 2.6.2-beta-2 2.6.2-beta-2.x
jenkins / git 2.6.4 2.6.4.x
jenkins / git 2.6.5 2.6.5.x
jenkins / git 3.0.0 3.0.0.x
jenkins / git 3.0.0-beta-1 3.0.0-beta-1.x
jenkins / git 3.0.0-beta-2 3.0.0-beta-2.x
jenkins / git 3.0.1 3.0.1.x
jenkins / git 3.0.2 3.0.2.x
jenkins / git 3.0.2-beta-1 3.0.2-beta-1.x
jenkins / git 3.0.2-beta-2 3.0.2-beta-2.x
jenkins / git 3.0.3 3.0.3.x
jenkins / git 3.0.4 3.0.4.x
jenkins / git 3.0.5 3.0.5.x
jenkins / git 3.1.0 3.1.0.x
jenkins / git 3.2.0 3.2.0.x
jenkins / git 3.3.0 3.3.0.x
jenkins / git 3.4.0-alpha-1 3.4.0-alpha-1.x
jenkins / git 3.4.0-alpha-4 3.4.0-alpha-4.x
jenkins / git 3.4.0-beta-1 3.4.0-beta-1.x
org.jenkins-ci.plugins / git - 3.3.2