CVE-2019-10330 – org.jenkins-ci.plugins:gitea
Package
Manager: maven
Name: org.jenkins-ci.plugins:gitea
Vulnerable Version: >=0 <1.1.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00823 (percentile 0.73565)
Details
Improper handling of untrusted branches in Gitea Jenkins Plugin
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Metadata
Created: 2022-05-24T22:00:03Z
Modified: 2023-12-05T13:12:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q98c-rqx7-7ghf/GHSA-q98c-rqx7-7ghf.json
CWE IDs: ["CWE-693", "CWE-862"]
Alternative ID: GHSA-q98c-rqx7-7ghf
Finding: F039
Auto approve: 1