CVE-2022-20618

Incorrect Permission Assignment for Critical Resource in maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Identifiers

GHSA-w2mh-6xj5-f77f, CVE-2022-20618

Package Slug

maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Affected Versions

All versions up to 737.vdf9dc06105be

Solution

Upgrade to version 746.v350d2781c184 or above.

Last Modified

2022-06-21

source