Bitbucket Branch Source Plugin up to 737.vdf9dc06105be on Jenkins: unknown vulnerability

| Field | 2022-01-13 07:25 | 2022-01-15 14:28 |
|---|---|---|
| name | Bitbucket Branch Source Plugin | Bitbucket Branch Source Plugin |
| version | <=737.vdf9dc06105be | <=737.vdf9dc06105be |
| platform | Jenkins | Jenkins |
| cwe | 352 (cross-site request forgery) | 352 (cross-site request forgery) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| url | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467 | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467 |
| cve | CVE-2022-20619 | CVE-2022-20619 |
| cve_assigned | 1635372000 | 1635372000 |
| date | 1642028400 (2022-01-13) | 1642028400 (2022-01-13) |
| type | Jenkins Plugin | Jenkins Plugin |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 5.0 | 5.0 |
| cvss3_vuldb_basescore | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.3 | 4.3 |
| cvss3_meta_basescore | 4.3 | 4.3 |
| cvss3_meta_tempscore | 4.3 | 4.3 |
| price_0day | $0-$5k | $0-$5k |

confirm_url: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467

cve_nvd_summary: A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
