Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2019-05-31T14:20:19

Updated: 2024-08-04T22:17:20.462Z

Reserved: 2019-03-29T00:00:00

Link: CVE-2019-10330

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-31T15:29:00.590

Modified: 2024-11-21T04:18:54.293

Link: CVE-2019-10330

cve-icon Redhat

No data.