Description
Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Remediation
References
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
http://www.openwall.com/lists/oss-security/2019/05/31/2
http://www.securityfocus.com/bid/108540