CVE-2019-10330 - Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers witho

CVE-2019-10330

Summary

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

References

Vulnerable Configurations

cpe:2.3:a:gitea:gitea:-:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:-:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.0.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:gitea:gitea:1.1.1:*:*:*:*:jenkins:*:*

CVSS

Base:	5.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	108540
confirm	https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
mlist	[oss-security] 20190531 Multiple vulnerabilities in Jenkins plugins

Last major update

25-10-2023 - 18:16

Published

31-05-2019 - 15:29

Last modified

25-10-2023 - 18:16