org.jenkins-ci.plugins:git-client
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:git-clientpage 1 of 1
- CVE-2017-1000242LOWCVSS 3.3EG 3.3✓ Fixed in 2.4.32017-11-01
vulnerable: 1.0.2 ... 2.4.2 (72 versions)
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure
- CVE-2019-10392HIGHCVSS 8.8EG 8.8✓ Fixed in 2.8.52019-09-12
vulnerable: 1.0.2 ... 2.8.4 (93 versions)
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
- CVE-2022-36881HIGHCVSS 8.1EG 8.1✓ Fixed in 3.11.12022-07-27
vulnerable: 1.0.2 ... 3.9.0 (134 versions)
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
- CVE-2025-58458MEDIUMCVSS 4.3EG 4.3✓ Fixed in 6.3.32025-09-03
vulnerable: 1.0.2 ... 6.3.2 (166 versions)
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit…
- CVE-2025-67640MEDIUMCVSS 5.0EG 5.0✓ Fixed in 6.4.12025-12-10
vulnerable: 1.0.2 ... 6.4.0 (168 versions)
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace dire…
Check whether org.jenkins-ci.plugins:git-client is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:git-client CVEs against the assets you own.
Start Free Scan →