GHSA-q98c-rqx7-7ghf

Source

https://github.com/advisories/GHSA-q98c-rqx7-7ghf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q98c-rqx7-7ghf/GHSA-q98c-rqx7-7ghf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q98c-rqx7-7ghf

Aliases

CVE-2019-10330

Published

2022-05-24T22:00:03Z

Modified

2024-02-16T08:13:24.074108Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper handling of untrusted branches in Gitea Jenkins Plugin

Details

Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Database specific

{
    "nvd_published_at": "2019-05-31T15:29:00Z",
    "cwe_ids": [
        "CWE-693",
        "CWE-862"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T01:29:26Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:gitea

Package

Name: org.jenkins-ci.plugins:gitea; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/gitea

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.2

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.1.0

1.1.1