In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.
{ "nvd_published_at": "2024-03-06T17:15:10Z", "cwe_ids": [ "CWE-281" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-06T19:20:57Z" }