Insufficient Permissions in Jenkins Bitbucket Server Integration Plugin
CVE-2022-28134

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Bitbucket Server Integration Plugin
Vendor: CVE Published:; 29 March 2022

Summary

The Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier are prone to insufficient permission checks within several HTTP endpoints. This flaw permits attackers possessing Overall/Read permissions to create, view, and delete consumers associated with Bitbucket Server. Exploiting this vulnerability could lead to unauthorized modifications and exposure of sensitive data, thereby compromising the overall integrity and security of the Jenkins environment.

Affected Version(s)

Jenkins Bitbucket Server Integration Plugin <= 3.1.0

References

https://www.jenkins.io/security/advisory/2022-03-29/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/03/29/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2022
Vulnerability Reserved
Mar 29, 2022