Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2024/03/06 6:52 p.m.27 views

CVE-2024-28152

A flaw was found in jenkins-2-plugins. Multibranch Pipelines with a Bitbucket branch source can be configured to discover pull requests from forks. The trust policy is set to "Forks in the same account" by default. In Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except...

6.3CVSS6.2AI score0.00556EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/03/06 6:30 p.m.5 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2024-28152 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2024-28152 Source advisory: OSV:GHSA-M4RM-X2RR-357W...

6.3CVSS6.5AI score0.00556EPSS
Exploits0
NVD
NVD
added 2024/03/06 5:15 p.m.12 views

CVE-2024-28152

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.3CVSS5.7AI score0.00556EPSS
Exploits0References2
CVE
CVE
added 2024/03/06 5:1 p.m.87 views

CVE-2024-28152

CVE-2024-28152 affects the Jenkins Bitbucket Branch Source Plugin (866.vdea_7dcd3008e and earlier, excluding 848.850.v6a_a_2a_234a_c81). The root cause is a misconfigured trust policy for pull requests from forks, where the policy "Forks in the same account" can allow changes to Jenkinsfiles from...

6.3CVSS6.4AI score0.00556EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder