br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2019-1003010 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.1)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-1003010 Source advisory: OSV:GHSA-R8RW-XX57-M64Q...

CVE-2019-1003010

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...

CVE-2019-1003010

The CVE-2019-1003010 entry concerns Jenkins Git Plugin (versions 3.9.1 and earlier). The issue is a cross-site request forgery in src/main/java/hudson/plugins/git/GitTagAction.java that lets an attacker create a Git tag in a workspace and attach metadata to a build record. The documents do not sp...