Security Advisory

CVE-2024-28152

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2024-03-06 17:01:56
Last updated: 2025-02-13 17:47:19
Assigner: jenkins
State: PUBLISHED

Description

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.