CVE-2019-10330

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.50 % (76^th)

Affected Products 1

Advisories 2

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2019-05-31 15:29:00
(5 years ago)
Updated Date: 2023-10-25 18:16:16
(10 months ago)

Affected Products

Gitea

Gitea

Configuration #1

		CPE23	From	Up To
	Gitea for Jenkins 1.1.1 and prior versions	cpe:2.3:a:gitea:gitea::::::jenkins		<= 1.1.1