Jenkins GitHub Branch Source Plugin
cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:jenkins:*:*
A vulnerability exists in the GitHub Branch Source Plugin for Jenkins, affecting versions up to and including 1967.vdea_d580c1a_b_a_. The cause is a missing permission check: the connection test endpoint can be invoked by any user with Overall/Read permission, letting such a user make the Jenkins instance connect to a URL of their choice using the configured GitHub App credentials. This could be used to manipulate GitHub integrations or to reach resources with those credentials in ways that harm the Jenkins environment or its users.
Exploitation would allow unauthorized connections to be made with GitHub App credentials, potentially leading to unauthorized access or actions within GitHub that affect the Jenkins environment.
Users of the GitHub Branch Source Plugin should update to version 1967.1969.v205fd594c821, which requires Overall/Manage permission to perform the connection test, thereby addressing the vulnerability.