{"id":"CVE-2019-1003010","details":"A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.","aliases":["GHSA-r8rw-xx57-m64q"],"modified":"2026-04-10T04:11:44.072221Z","published":"2019-02-06T16:29:00.563Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0326"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-plugin","events":[{"introduced":"0"},{"last_affected":"690f8a80c575a3b917ee57864656e1ce5b57eccb"},{"introduced":"0"},{"last_affected":"037487fa350a8255edd067f28e5a5912f48f1360"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.9.1"},{"introduced":"0"},{"last_affected":"3.11"}]}}],"versions":["git-0.9","git-0.9.1","git-0.9.2","git-1.0","git-1.0.1","git-1.1","git-1.1.1","git-1.1.10","git-1.1.11","git-1.1.12","git-1.1.13","git-1.1.14","git-1.1.15","git-1.1.16","git-1.1.17","git-1.1.18","git-1.1.19","git-1.1.2","git-1.1.20","git-1.1.21","git-1.1.22","git-1.1.23","git-1.1.24","git-1.1.25","git-1.1.26","git-1.1.27","git-1.1.28","git-1.1.29","git-1.1.3","git-1.1.4","git-1.1.5","git-1.1.6","git-1.1.7","git-1.1.8","git-1.1.9","git-1.2.0","git-1.3.0","git-1.4.0","git-1.5.0","git-1.6.0-beta-1","git-2.0","git-2.0-beta-2","git-2.0-beta-3","git-2.0.2","git-2.0.3","git-2.0.4","git-2.1.0","git-2.2.0","git-2.2.1","git-2.3","git-2.3-beta-1","git-2.3-beta-2","git-2.3-beta-3","git-2.3-beta-4","git-2.3.1","git-2.3.2","git-2.3.3","git-2.3.4","git-2.3.5","git-2.4.0","git-2.5.0-beta2","git-2.5.0-beta3","git-2.5.0-beta4","git-2.5.0-beta5","git-3.0.0","git-3.0.0-beta2","git-3.0.1","git-3.0.2","git-3.0.2-beta-1","git-3.0.2-beta-2","git-3.0.3","git-3.0.4","git-3.0.5","git-3.1.0","git-3.10.0","git-3.10.0-beta-1","git-3.10.1","git-3.11.0","git-3.2.0","git-3.3.0","git-3.3.1","git-3.4.0","git-3.4.0-beta-1","git-3.4.0-beta-2","git-3.4.1","git-3.5.0","git-3.5.1","git-3.6.0","git-3.6.1","git-3.6.2","git-3.6.3","git-3.6.4","git-3.7.0","git-3.8.0","git-3.9.0","git-3.9.1","git-3.9.2","git-3.9.3","git-3.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003010.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}