R. Tyler Croy

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 3.9.1 and earlier Description: A cross-site request forgery issue exists that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. This is due to a vulnerability in the src/main/java/hudson/plugins/git/GitTagAction.java file. Recommendations: For Jenkins Git Plugin versions 3.9.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions (affected versions not specified) **Description** The issue concerns the Pipeline: Input Step Plugin, which previously allowed users with Item/Read access to interact with the step. This has been changed to require Item/Build permission instead. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.