GHSA-r5r6-v8qh-pmpq

Source

https://github.com/advisories/GHSA-r5r6-v8qh-pmpq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-r5r6-v8qh-pmpq/GHSA-r5r6-v8qh-pmpq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r5r6-v8qh-pmpq

Aliases

CVE-2022-28134

Published

2022-03-30T00:00:25Z

Modified

2023-11-08T04:09:01.490508Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Missing permission checks in Jekins Bitbucket Server Integration Plugin

Details

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

Database specific

{
    "nvd_published_at": "2022-03-29T13:15:00Z",
    "github_reviewed_at": "2022-11-29T21:52:22Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-862"
    ]
}

References

Affected packages

Maven / io.jenkins.plugins:atlassian-bitbucket-server-integration

Package

Name: io.jenkins.plugins:atlassian-bitbucket-server-integration; View open source insights on deps.dev
Purl: pkg:maven/io.jenkins.plugins/atlassian-bitbucket-server-integration

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0

Affected versions

1.*

1.0-alpha-1

1.0-alpha-2

1.0-alpha-3

1.0-beta-1

1.0-beta-2

1.0-beta-3

1.0-beta-4

1.0-beta-5

1.0-rc-1

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3

3.*

3.0.0

3.0.1

3.0.2

3.1.0