CVE-2022-28134

2022-03-2913:15:08

Alpine Linux Development Team

security.alpinelinux.org

cve-2022-28134

jenkins

bitbucket server integration plugin

http endpoints

permission checks

overall/read permission

bitbucket server consumers

unix

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

22.0%

JSON

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

OSVersionArchitecturePackageVersionFilename
Alpine3.15-communitynoarchjenkins= 2.319.3-r0UNKNOWN
Alpine3.16-communitynoarchjenkins= 2.346.2-r0UNKNOWN
Alpine3.17-communitynoarchjenkins= 2.361.2-r0UNKNOWN
Alpine3.18-communitynoarchjenkins= 2.387.3-r0UNKNOWN
Alpine3.19-communitynoarchjenkins= 2.440.3-r0UNKNOWN
Alpine3.20-communitynoarchjenkins= 2.440.2-r0UNKNOWN
Alpineedge-communitynoarchjenkins= 2.462.1-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.15-community	noarch	jenkins	= 2.319.3-r0	UNKNOWN
Alpine	3.16-community	noarch	jenkins	= 2.346.2-r0	UNKNOWN
Alpine	3.17-community	noarch	jenkins	= 2.361.2-r0	UNKNOWN
Alpine	3.18-community	noarch	jenkins	= 2.387.3-r0	UNKNOWN
Alpine	3.19-community	noarch	jenkins	= 2.440.3-r0	UNKNOWN
Alpine	3.20-community	noarch	jenkins	= 2.440.2-r0	UNKNOWN
Alpine	edge-community	noarch	jenkins	= 2.462.1-r0	UNKNOWN