Описание
Improper handling of untrusted branches in Gitea Jenkins Plugin
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Пакеты
Наименование
org.jenkins-ci.plugins:gitea
maven
Затронутые версииВерсия исправления
< 1.1.2
1.1.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.