Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Bitbucket Branch Source Plugin 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 requires the appropriate permissions.

Affected Packages

Maven org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Affected versions: 726.v7e6f53de133c (fixed in 746.v350d2781c184)

Maven org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Affected versions: 720.vbe985dd73d66 (fixed in 725.vd9f8be0fa250)

Maven org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Affected versions: 2.9.8 (fixed in 2.9.11.2)

Maven org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Affected versions: 0 (fixed in 2.9.7.2)

Related CVEs

CVE-2022-20618

Key Information

GHSA ID

GHSA-w2mh-6xj5-f77f

Published

January 13, 2022 12:01 AM

Last Modified

May 24, 2023 5:10 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.