📦

git_client

Vendor: jenkins

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 2 Remote Access

Total CVEs 23 Total Indexed

Avg. EPSS 14.99% Exploit Prob.

Latest CVE CVE-2025-67640 Dec 10

Security Vulnerability Index

Page 1 / 3

5.0 CVSS

CVE-2025-67640

RCE

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.

EPSS: 0.05%

Severity: MEDIUM

Dec 10, 2025

4.3 CVSS

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

EPSS: 0.11%

Severity: MEDIUM

Sep 03, 2025

8.1 CVSS

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

EPSS: 0.91%

Severity: HIGH

Jul 27, 2022

8.8 CVSS

CVE-2019-10392

RCE Exploit Found

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

EPSS: 73.88%

Severity: HIGH

Sep 12, 2019

3.3 CVSS

CVE-2017-1000242

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

EPSS: 0.01%

Severity: LOW

Nov 01, 2017

Displaying 5 of 23 Total Entries

1 2 3

Total 3 Sections