CVE-2019-10330

Missing Authorization in maven/org.jenkins-ci.plugins/gitea

Identifiers

GHSA-q98c-rqx7-7ghf, CVE-2019-10330

Package Slug

maven/org.jenkins-ci.plugins/gitea

Vulnerability

Missing Authorization

Description

Jenkins Gitea Plugin 1.1.1 and earlier does not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Affected Versions

All versions before 1.1.2

Solution

Upgrade to version 1.1.2 or above.

Last Modified

2022-09-15
