5 matches found
CVE-2022-20619
A Cross-site request forgery CSRF vulnerability was found in the Jenkins Bitbucket Branch Source plugin. In the HTTP endpoint, the POST requests are not required. This flaw allows an attacker with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20619 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20619 Source advisory: OSV:GHSA-W4JV-6RG4-PR4M...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20619
CVE-2022-20619 applies to Jenkins Bitbucket Branch Source Plugin prior to 737.vdf9dc06105be. It describes a cross-site request forgery (CSRF) vulnerability that lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing c...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...