PT-2019-11730 · Jenkins · Jenkins Git Plugin
Published: 2019-05-31 · Updated: 2023-10-25 · CVE-2019-10330
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Gitea Plugin versions 1.1.1 and earlier
Description
The issue allows attackers without commit access to the Git repository to change Jenkinsfiles, even if Jenkins is configured to consider them untrusted. This is because the affected plugin versions do not implement trusted revisions.
Recommendations
For Jenkins Gitea Plugin versions 1.1.1 and earlier, update to version 1.1.2 or later to resolve the issue.
Fix
Missing Authorization
Protection Mechanism Failure
Affected Products
Jenkins Git Plugin