Insufficient Permissions in Jenkins Bitbucket Server Integration Plugin
CVE-2022-28134
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 29 March 2022
What is CVE-2022-28134?
The Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier are prone to insufficient permission checks within several HTTP endpoints. This flaw permits attackers possessing Overall/Read permissions to create, view, and delete consumers associated with Bitbucket Server. Exploiting this vulnerability could lead to unauthorized modifications and exposure of sensitive data, thereby compromising the overall integrity and security of the Jenkins environment.
Affected Version(s)
Jenkins Bitbucket Server Integration Plugin <= 3.1.0