CVE-2022-20619

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Identifiers

GHSA-w4jv-6rg4-pr4m, CVE-2022-20619

Package Slug

maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected Versions

All versions up to 737.vdf9dc06105be

Solution

Upgrade to version 746.v350d2781c184 or above.

Last Modified

2022-06-21

source