CVE-2019-10330
HIGH7.5EPSS 0.75%Improper handling of untrusted branches in Gitea Jenkins Plugin
Published: 5/24/2022Modified: 2/16/2024
Also known as:GHSA-q98c-rqx7-7ghf
Description
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Affected packages (1)
- Maven/org.jenkins-ci.plugins:giteafrom 0, < 1.1.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10330
- WEBhttps://github.com/jenkinsci/gitea-plugin/commit/7555cb7c168cfa49d31271e7d65d76c1fab311f7
- WEBhttps://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
- WEBhttp://www.openwall.com/lists/oss-security/2019/05/31/2
- WEBhttp://www.securityfocus.com/bid/108540