CSRF Vulnerability in Jenkins Bitbucket Branch Source Plugin by Jenkins
CVE-2022-20619

7.1HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Bitbucket Branch Source Plugin
Vendor: CVE Published:; 12 January 2022

What is CVE-2022-20619?

A cross-site request forgery (CSRF) vulnerability present in Jenkins' Bitbucket Branch Source Plugin allows attackers to exploit the system by connecting to malicious URLs using compromised credential IDs. These credentials may have been obtained through other methods, enabling unauthorized access to sensitive information stored in Jenkins. It is essential for organizations using affected versions to implement security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Jenkins Bitbucket Branch Source Plugin <= 737.vdf9dc06105be

Jenkins Bitbucket Branch Source Plugin 725.vd9f8be0fa250

Jenkins Bitbucket Branch Source Plugin 2.9.11.2

References

https://www.jenkins.io/security/advisory/2022-01-12/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/01/12/6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Oct 28, 2021