{
  "threat_severity" : "Moderate",
  "public_date" : "2022-01-12T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins-2-plugins/cloudbees-bitbucket-branch-source: missing permission check allows credentials ID enumeration",
    "id" : "2044466",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2044466"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-425",
  "details" : [ "A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.", "Several HTTP endpoints in the Jenkins Bitbucket Branch Source plugin do not perform a permission check. This flaw allows attackers with Overall/Read access to enumerate the IDs of credentials stored in Jenkins." ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Will not fix",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-20618\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-20618\nhttps://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033" ],
  "name" : "CVE-2022-20618",
  "csaw" : false
}