Vulnerabilities > CVE-2019-10330 - Missing Authorization vulnerability in Gitea

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

gitea

CWE-862

NVD

Published: 2019-05-31

Updated: 2023-10-25

Summary

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Vulnerable Configurations

Part	Description	Count
Application	Gitea Gitea Gitea - Gitea Gitea 1.0.2 Gitea Gitea 1.0.3 Gitea Gitea 1.0.4 Gitea Gitea 1.0.5 Gitea Gitea 1.0.6 Gitea Gitea 1.0.7 Gitea Gitea 1.0.8 Gitea Gitea 1.1.0 Gitea Gitea 1.1.1	10

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
http://www.openwall.com/lists/oss-security/2019/05/31/2
http://www.securityfocus.com/bid/108540