CVE-2024-28152
MEDIUMJenkins Bitbucket Branch Source Plugin <866.vdea_7dcd3008e - Info D...
Title source: llmDescription
In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.
Scores
CVSS v3
6.3
EPSS
0.0003
EPSS Percentile
9.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-281
Status
published
Products (4)
jenkins/bitbucket_branch_source
856.v04c46c86f911
jenkins/bitbucket_branch_source
866.vdea_7dcd3008e
jenkins/bitbucket_branch_source
< 848.850.v6a_a_2a_234a_c81
org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source
0 - 871.v28d74e8b_4226Maven
Published
Mar 06, 2024
Tracked Since
Feb 18, 2026