CVE-2022-28134

Publication date

2022-03-29 12:30:45

Family

jenkins

State

PUBLISHED

Description

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.