Bitbucket Branch Source Plugin up to 737.vdf9dc06105be on Jenkins cross-site request forgery

A vulnerability was found in Bitbucket Branch Source Plugin up to 737.vdf9dc06105be on Jenkins (Jenkins Plugin) and classified as problematic. An unknown function is affected by this vulnerability. There is no information about possible countermeasures. It is suggested to replace the product with an alternative.

| Field | 2022-01-13 07:25 | 2022-01-15 14:28 |
|---|---|---|
| name | Bitbucket Branch Source Plugin | Bitbucket Branch Source Plugin |
| version | <=737.vdf9dc06105be | <=737.vdf9dc06105be |
| platform | Jenkins | Jenkins |
| cwe | 352 (cross site request forgery) | 352 (cross site request forgery) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| url | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467 | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467 |
| cve | CVE-2022-20619 | CVE-2022-20619 |
| cve_assigned | 1635372000 | 1635372000 |
| date | 1642028400 (2022-01-13) | 1642028400 (2022-01-13) |
| type | Jenkins Plugin | Jenkins Plugin |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 5.0 | 5.0 |
| cvss3_vuldb_basescore | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.3 | 4.3 |
| cvss3_meta_basescore | 4.3 | 4.3 |
| cvss3_meta_tempscore | 4.3 | 4.3 |
| price_0day | $0-$5k | $0-$5k |

confirm_url: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467

cve_nvd_summary: A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
