CVE-2019-10330
HIGH7.5EPSS 0.75%Improper handling of untrusted branches in Gitea Jenkins Plugin
發布日:2022/5/24修改日:2024/2/16
描述
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:giteafrom 0, < 1.1.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10330
- WEBhttps://github.com/jenkinsci/gitea-plugin/commit/7555cb7c168cfa49d31271e7d65d76c1fab311f7
- WEBhttps://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
- WEBhttp://www.openwall.com/lists/oss-security/2019/05/31/2
- WEBhttp://www.securityfocus.com/bid/108540