Cross-Site Request Forgery Vulnerability in Jenkins Git Plugin
CVE-2019-1003010

4.3MEDIUM

Key Information:

Vendor
Jenkins
Status
Git
Vendor
CVE Published:
6 February 2019

Summary

A cross-site request forgery vulnerability exists in the Jenkins Git Plugin version 3.9.1 and earlier. This flaw enables attackers to create a Git tag in a workspace and associate this with specific metadata in a build record. Exploiting this vulnerability can lead to unauthorized changes and affect the integrity of build processes within Jenkins, thereby posing significant risks to the software development lifecycle and its associated pipelines.

References

https://jenkins.io/security/advisory/2019-01-28/#SECURITY...
x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2019:0326
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0327
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.