Vulnerability Description
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Git | <= 3.9.1 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHBA-2019:0326Third Party Advisory
- https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
- https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095Vendor Advisory
- https://access.redhat.com/errata/RHBA-2019:0326Third Party Advisory
- https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
- https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095Vendor Advisory
FAQ
What is CVE-2019-1003010?
CVE-2019-1003010 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace...
How severe is CVE-2019-1003010?
CVE-2019-1003010 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1003010?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Git, Redhat Openshift Container Platform.