{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV2_0": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}}, {"format": "CVSS", "cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*"], "vendor": "jenkins", "product": "git", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.9.1"}], "platforms": ["jenkins"], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "openshift_container_platform", "versions": [{"status": "affected", "version": "3.11"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHBA-2019:0326", "tags": ["third-party-advisory"]}, {"url": "https://access.redhat.com/errata/RHBA-2019:0327", "tags": ["third-party-advisory"]}, {"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record."}, {"lang": "es", "value": "Existe una vulnerabilidad Cross-Site Request Forgery (CSRF) en Jenkins Git Plugin, en versiones 3.9.1 y anteriores, en src/main/java/hudson/plugins/git/GitTagAction.java, que permite que los atacantes creen una etiqueta Git en un espacio de trabajo y adjunten los metadatos correspondientes a un registro de builds."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "CWE-352"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2019-02-06T16:29:00Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2019-1003010", "state": "PUBLISHED", "dateUpdated": "2024-11-21T04:17:44Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2019-02-06T16:29:00Z", "assignerShortName": "jenkins"}, "dataVersion": "5.0"}