6.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-28152

GHSA ID

GHSA-m4rm-x2rr-357w

EPSS Score

0.12503%

CWE

CWE-281

Published

3/6/2024

Updated

11/7/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-28152

CVE-2024-28152:
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.

(GitHub Advisory)

6.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-28152

GHSA ID

GHSA-m4rm-x2rr-357w

EPSS Score

0.12503%

CWE

CWE-281

Published

3/6/2024

Updated

11/7/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source	maven	< 871.v28d74e8b4226	871.v28d74e8b_4226

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper permission preservation (CWE-281) when handling pull requests from forks. The commit diff shows critical changes in pull request handling logic:- In BitbucketGitSCMBuilder.java, the withPullRequestRemote() method determines cloning strategy but previously didn't properly validate() if the user had write access when using same-account forks.- In BitbucketSCMSource.java, the initCloneLinks() method's mirror handling could bypass permission checks. The patched version adds proper validation() for contributor permissions when using mirrors, indicating these were the vulnerable areas.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In J*nkins *it*u*k*t *r*n** Sour** Plu*in ***.v***_********* *n* **rli*r, *x**pt ***.***.v**_*_**_****_***, w**n *is*ov*rin* pull r*qu*sts *rom *orks, t** trust poli*y "*orks in t** s*m* ***ount" *llows ***n**s to J*nkins*il*s *rom us*rs wit*out writ

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*rmission pr*s*rv*tion (*W*-***) w**n **n*lin* pull r*qu*sts *rom *orks. T** *ommit *i** s*ows *riti**l ***n**s in pull r*qu*st **n*lin* lo*i*:- In `*it*u*k*t*itS*M*uil**r.j*v*`, t** `wit*PullR*qu*stR*mot*()` m*

6.3

Basic Information

Concerned about an active attack path?

CVE-2024-28152: Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

6.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-28152:
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

Vulnerability Intelligence
Miggo AI