First published: Tue May 17 2022(Updated: )
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Git | <=4.11.1 | |
Jenkins Mercurial | <=2.16 | |
Jenkins Repo | <=1.14.0 | |
maven/org.jenkins-ci.plugins:repo | <=1.14.0 | 1.15.0 |
maven/org.jenkins-ci.plugins:mercurial | <=2.16 | 2.16.1 |
maven/org.jenkins-ci.plugins:git | <=4.11.1 | 4.11.2 |
Jenkins Git | <4.11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.