PT-2019-11308 · Jenkins · Jenkins Git Plugin+1

R. Tyler Croy

·

Publicado

2019-02-06

·

Atualizado

2022-05-14

·

CVE-2019-1003010

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 3.9.1 and earlier
Description: A cross-site request forgery issue exists that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. This is due to a vulnerability in the src/main/java/hudson/plugins/git/GitTagAction.java file.
Recommendations: For Jenkins Git Plugin versions 3.9.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2019-1003010
GHSA-R8RW-XX57-M64Q

Produtos afetados

Jenkins
Jenkins Git Plugin