Описание
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1 (включая)
cpe:2.3:a:gitea:gitea:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 74%
0.00823
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Improper handling of untrusted branches in Gitea Jenkins Plugin
EPSS
Процентиль: 74%
0.00823
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862