6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-28152

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-28152

CVE-2024-28152:

6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source	maven	< 871.v28d74e8b4226	871.v28d74e8b_4226

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper permission preservation (CWE-281) when handling pull requests from forks. The commit diff shows critical changes in pull request handling logic:- In BitbucketGitSCMBuilder.java, the withPullRequestRemote() method determines cloning strategy but previously didn't properly validate() if the user had write access when using same-account forks.- In BitbucketSCMSource.java, the initCloneLinks() method's mirror handling could bypass permission checks. The patched version adds proper validation() for contributor permissions when using mirrors, indicating these were the vulnerable areas.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

6.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

CVE-2024-28152:

6.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

6.3

6.3

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

CVE-2024-28152:

6.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability IntelligenceMiggo AI

6.3

6.3

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI