Back to bug 2044478
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Przemyslaw Roguski | 2022-01-25 11:29:16 UTC | Severity | high | medium |
| | | Priority | high | medium |
| | | Doc Text | | A cross-site request forgery (CSRF) vulnerability was found in the Jenkins Bitbucket Branch Source plugin. For HTTP endpoint the POST requests are not required, what allows attackers with Overall/Read access to connect to an attacker-specified URL (using attacker-specified credentials IDs) capturing credentials stored in Jenkins. |
| Przemyslaw Roguski | 2022-01-25 11:32:33 UTC | Depends On | 2044951, 2044952 | |
| RaTasha Tillery-Smith | 2022-01-25 20:18:12 UTC | Doc Text | A cross-site request forgery (CSRF) vulnerability was found in the Jenkins Bitbucket Branch Source plugin. For HTTP endpoint the POST requests are not required, what allows attackers with Overall/Read access to connect to an attacker-specified URL (using attacker-specified credentials IDs) capturing credentials stored in Jenkins. | A Cross-site request forgery (CSRF) vulnerability was found in the Jenkins Bitbucket Branch Source plugin. In the HTTP endpoint, the POST requests are not required. This flaw allows an attacker with Overall/Read access to connect to an attacker-specified URL (using attacker-specified credentials IDs), capturing credentials stored in Jenkins. |
| Przemyslaw Roguski | 2022-01-28 16:54:57 UTC | Depends On | 2044951 | |
| Przemyslaw Roguski | 2022-01-28 16:57:32 UTC | Depends On | 2047839 | |
| Red Hat Bugzilla | 2022-05-09 08:30:37 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2022-09-30 18:50:54 UTC | CC | pbhattac | |
| Red Hat Bugzilla | 2023-07-07 08:29:48 UTC | Assignee | security-response-team | nobody |