CVE-2019-10330
HIGHJenkins Gitea Plugin <= 1.1.1 - Missing Authorization for Jenkinsfile Changes
Title source: llmDescription
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/05/31/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108540
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
Scores
CVSS v3
7.5
EPSS
0.0075
EPSS Percentile
73.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
Status
published
Products (2)
gitea/gitea
< 1.1.1
org.jenkins-ci.plugins/gitea
0 - 1.1.2Maven
Published
May 31, 2019
Tracked Since
Feb 18, 2026