Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2022/01/24 5:32 p.m.29 views

CVE-2022-20619

A Cross-site request forgery CSRF vulnerability was found in the Jenkins Bitbucket Branch Source plugin. In the HTTP endpoint, the POST requests are not required. This flaw allows an attacker with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs...

7.1CVSS1.2AI score0.00655EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/01/13 12:1 a.m.6 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20619 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20619 Source advisory: OSV:GHSA-W4JV-6RG4-PR4M...

7.1CVSS7AI score0.00655EPSS
Exploits0
NVD
NVD
added 2022/01/12 8:15 p.m.29 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS0.00655EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:5 p.m.140 views

CVE-2022-20619

CVE-2022-20619 applies to Jenkins Bitbucket Branch Source Plugin prior to 737.vdf9dc06105be. It describes a cross-site request forgery (CSRF) vulnerability that lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing c...

7.1CVSS6.8AI score0.00655EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:5 p.m.41 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.6AI score0.00655EPSS
Exploits0References2
Rows per page
Query Builder