In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-281 | |
Metrics |
cvssV3_1
|
ssvc
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2024-03-06T17:01:56.184Z
Updated: 2024-11-07T14:57:13.126Z
Reserved: 2024-03-05T19:29:05.204Z
Link: CVE-2024-28152
Vulnrichment
Updated: 2024-08-02T00:48:49.402Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T17:15:10.637
Modified: 2024-11-21T09:05:54.547
Link: CVE-2024-28152
Redhat