Lucene search

GitHub Advisory DatabaseGHSA-R5R6-V8QH-PMPQ

HistoryMar 30, 2022 - 12:00 a.m.

Missing permission checks in Jekins Bitbucket Server Integration Plugin

2022-03-3000:00:25

CWE-862

GitHub Advisory Database

github.com

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

Affected configurations

Vulners

Node

jenkinsbitbucket_server_integrationRange<3.2.0jenkins

CPENameOperatorVersion
io.jenkins.plugins:atlassian-bitbucket-server-integrationlt3.2.0

CPE	Name	Operator	Version
	io.jenkins.plugins:atlassian-bitbucket-server-integration	lt	3.2.0

References

www.openwall.com/lists/oss-security/2022/03/29/1

github.com/advisories/GHSA-r5r6-v8qh-pmpq

nvd.nist.gov/vuln/detail/CVE-2022-28134

www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2640

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.2%

JSON

Related for GHSA-R5R6-V8QH-PMPQ