CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

jenkins

git_client

4 known vulnerabilities · sorted by CVSS score

CVE-2019-10392

HIGH8.8

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

jenkins / git_client+1

Network

Published Sep 12, 2019

CVE-2022-36881

HIGH8.1

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

jenkins / git_client

Network

Published Jul 27, 2022

CVE-2025-67640

MEDIUM5.0

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.

jenkins / git_client

Network

Published Dec 10, 2025

CVE-2025-58458

MEDIUM4.3

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

jenkins / git_client+2

Network

Published Sep 3, 2025