GHSA-w2mh-6xj5-f77f, CVE-2022-20618
maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source
Incorrect Permission Assignment for Critical Resource
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
All versions up to 737.vdf9dc06105be
Upgrade to version 746.v350d2781c184 or above.
2022-06-21
source |