CVE-2024-28152

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.

Related Vulnerabilities

CVE-2021-41089

MEDIUM
CVSS:6.3(Medium)

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted ...

CWE-2812021

CVE-2021-41091

MEDIUM
CVSS:6.3(Medium)

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirect...

CWE-2812021

CVE-2023-25809

MEDIUM
CVSS:6.3(Medium)

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: ...

CWE-2812023

CVE-2023-2993

MEDIUM
CVSS:6.3(Medium)

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the ...

CWE-2812023

CVE-2024-50929

MEDIUM
CVSS:6.2(Medium)

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).

CWE-2812024

CVE-2021-3418

MEDIUM
CVSS:6.4(Medium)

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot...

CWE-2812021