CVE-2019-10330

Published: May 31, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Affected (1)

Products: Gitea: Gitea

Gitea

1 product

Gitea

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gitea Gitea	Up to 1.1.1

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

http://www.openwall.com/lists/oss-security/2019/05/31/2

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108540

Source: jenkinsci-cert@googlegroups.com

Third Party AdvisoryVDB Entry

https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2019/05/31/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108540

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.