logo

Database

Server side cross-site scripting In org.jenkins-ci.plugins:git

Description

Jenkins GitHub Plugin has an XSS vulnerability In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

GitHub Plugin 1.46.0.1 no longer processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling".

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-425232. NVD-2026-425233. OSV-2026-425234. GCVE-2026-42523

References

1. https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.