CVE-2024-28152

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/03/2024
Last modified: 07/11/2024

Description

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.