In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.
History

Thu, 07 Nov 2024 15:15:00 +0000

Type | Values Removed | Values Added

Weaknesses: CWE-281

Metrics:
cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2024-03-06T17:01:56.184Z

Updated: 2024-11-07T14:57:13.126Z

Reserved: 2024-03-05T19:29:05.204Z

Link: CVE-2024-28152

Vulnrichment

Updated: 2024-08-02T00:48:49.402Z

NVD

Status: Awaiting Analysis

Published: 2024-03-06T17:15:10.637

Modified: 2024-11-21T09:05:54.547

Link: CVE-2024-28152

Redhat

Severity: Moderate

Published Date: 2024-03-06T00:00:00Z

Links: CVE-2024-28152 - Bugzilla