Skip to main content

Jenkins Git Client Plugin

1 CVEs product

Monthly

CVE-2026-57282 MEDIUM This Month

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Jenkins Jenkins Git Client Plugin Command Injection
NVD VulDB
CVSS 3.1
5.0
EPSS
0.2%
EPSS 0% CVSS 5.0
MEDIUM This Month

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Jenkins Jenkins Git Client Plugin Command Injection
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy