Описание
Missing permission checks in Jekins Bitbucket Server Integration Plugin
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
Пакеты
Наименование
io.jenkins.plugins:atlassian-bitbucket-server-integration
maven
Затронутые версииВерсия исправления
< 3.2.0
3.2.0
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.