4 matches found
CVE-2024-28152
A flaw was found in jenkins-2-plugins. Multibranch Pipelines with a Bitbucket branch source can be configured to discover pull requests from forks. The trust policy is set to "Forks in the same account" by default. In Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2024-28152 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2024-28152 Source advisory: OSV:GHSA-M4RM-X2RR-357W...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
CVE-2024-28152
CVE-2024-28152 affects the Jenkins Bitbucket Branch Source Plugin (866.vdea_7dcd3008e and earlier, excluding 848.850.v6a_a_2a_234a_c81). The root cause is a misconfigured trust policy for pull requests from forks, where the policy "Forks in the same account" can allow changes to Jenkinsfiles from...