本ページは jenkins git_client に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-67640 | Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands. | [email protected] | 5.0 | 0.18% | 2025-12-10 | 2026-06-17 |
| CVE-2025-58458 | In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | [email protected] | 4.3 | 0.29% | 2025-09-03 | 2026-06-17 |
| CVE-2022-36881 | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | [email protected] | 8.1 | 0.77% | 2022-07-27 | 2026-06-17 |
| CVE-2019-10392 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | [email protected] | 8.8 | 25.59% | 2019-09-12 | 2026-06-16 |
| CVE-2017-1000242 | Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure | [email protected] | 3.3 | 0.38% | 2017-11-01 | 2026-06-16 |