pkg:maven/org.jenkins-ci.plugins/github
Type
maven
Namespace
org.jenkins-ci.plugins
Name
github
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/github package.
High
1
Medium
3
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.34.4 |
CVE-2022-36885
|
JENKINS:SECURITY-1849 | Non-constant time webhook signature comparison in `github` | low |
2022-07-27T00:00:00
(2 years ago) |
|
Fixed | = 1.34.5 |
CVE-2022-36885
|
JENKINS:SECURITY-1849 | Non-constant time webhook signature comparison in `github` | low |
2022-07-27T00:00:00
(2 years ago) |
|
Affected | <= 1.37.3 |
CVE-2023-46650
|
JENKINS:SECURITY-3246 | Stored XSS vulnerability in `github` | high |
2023-10-25T00:00:00
(10 months ago) |
|
Fixed | = 1.37.3.1 |
CVE-2023-46650
|
JENKINS:SECURITY-3246 | Stored XSS vulnerability in `github` | high |
2023-10-25T00:00:00
(10 months ago) |
|
Affected | <= 1.29.0 |
CVE-2018-1000184
|
JENKINS:SECURITY-799 | Server-side request forgery vulnerability in GitHub Plugin | medium |
2018-06-04T00:00:00
(6 years ago) |
|
Fixed | = 1.29.1 |
CVE-2018-1000184
|
JENKINS:SECURITY-799 | Server-side request forgery vulnerability in GitHub Plugin | medium |
2018-06-04T00:00:00
(6 years ago) |
|
Affected | <= 1.29.0 |
CVE-2018-1000183
|
JENKINS:SECURITY-804 | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | medium |
2018-06-04T00:00:00
(6 years ago) |
|
Fixed | = 1.29.1 |
CVE-2018-1000183
|
JENKINS:SECURITY-804 | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | medium |
2018-06-04T00:00:00
(6 years ago) |
|
Affected | <= 1.29.1 |
CVE-2018-1000600
|
JENKINS:SECURITY-915 | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | medium |
2018-06-25T00:00:00
(6 years ago) |
|
Fixed | = 1.29.2 |
CVE-2018-1000600
|
JENKINS:SECURITY-915 | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | medium |
2018-06-25T00:00:00
(6 years ago) |