Fluid Attacks Database

Description

Improper handling of untrusted branches in Gitea Jenkins Plugin Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/go-gitea/gitea	>=0 <=1.1.1	v1.1.2
maven	org.jenkins-ci.plugins:gitea	>=0 <1.1.2	1.1.2

Aliases

1. CVE-2019-103302. NVD-2019-103303. OSV-2019-103304. GCVE-2019-10330

References

1. https://jenkins.io/security/advisory/2019-05-31/#SECURITY-10462. https://github.com/jenkinsci/gitea-plugin/commit/7555cb7c168cfa49d31271e7d65d76c1fab311f73. http://www.openwall.com/lists/oss-security/2019/05/31/24. http://www.securityfocus.com/bid/108540

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.