{"id":"CVE-2022-20618","details":"A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.","aliases":["GHSA-w2mh-6xj5-f77f"],"modified":"2026-04-12T05:16:57.593884Z","published":"2022-01-12T20:15:08.957Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/01/12/6"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/bitbucket-branch-source-plugin","events":[{"introduced":"0"},{"last_affected":"2bdc16ebef04d566fe616bb2a22f2389535f9963"},{"last_affected":"df9dc06105be95eb2d861c689a0f199c6958743b"}],"database_specific":{"cpe":["cpe:2.3:a:jenkins:bitbucket_branch_source:*:*:*:*:*:jenkins:*:*","cpe:2.3:a:jenkins:bitbucket_branch_source:737.vdf9dc06105be:*:*:*:*:jenkins:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.9.10"},{"last_affected":"737.vdf9dc06105be"}]}}],"versions":["723.vbabdf19eb4c7","726.vb0c1ea6c9336","731.v1f980b7eba32","734.v2f848c5e6ea2","737.vdf9dc06105be","cloudbees-bitbucket-branch-source-2.0.2","cloudbees-bitbucket-branch-source-2.1.0","cloudbees-bitbucket-branch-source-2.1.1","cloudbees-bitbucket-branch-source-2.1.2","cloudbees-bitbucket-branch-source-2.2.0","cloudbees-bitbucket-branch-source-2.2.1","cloudbees-bitbucket-branch-source-2.2.10","cloudbees-bitbucket-branch-source-2.2.11","cloudbees-bitbucket-branch-source-2.2.12","cloudbees-bitbucket-branch-source-2.2.13","cloudbees-bitbucket-branch-source-2.2.14","cloudbees-bitbucket-branch-source-2.2.15","cloudbees-bitbucket-branch-source-2.2.16","cloudbees-bitbucket-branch-source-2.2.2","cloudbees-bitbucket-branch-source-2.2.3","cloudbees-bitbucket-branch-source-2.2.4","cloudbees-bitbucket-branch-source-2.2.5","cloudbees-bitbucket-branch-source-2.2.6","cloudbees-bitbucket-branch-source-2.2.7","cloudbees-bitbucket-branch-source-2.2.8","cloudbees-bitbucket-branch-source-2.2.9","cloudbees-bitbucket-branch-source-2.3.0","cloudbees-bitbucket-branch-source-2.4.0","cloudbees-bitbucket-branch-source-2.4.1","cloudbees-bitbucket-branch-source-2.4.2","cloudbees-bitbucket-branch-source-2.4.3","cloudbees-bitbucket-branch-source-2.4.4","cloudbees-bitbucket-branch-source-2.4.5","cloudbees-bitbucket-branch-source-2.4.6","cloudbees-bitbucket-branch-source-2.5.0","cloudbees-bitbucket-branch-source-2.6.0","cloudbees-bitbucket-branch-source-2.7.0","cloudbees-bitbucket-branch-source-2.8.0","cloudbees-bitbucket-branch-source-2.9.0","cloudbees-bitbucket-branch-source-2.9.1","cloudbees-bitbucket-branch-source-2.9.10","cloudbees-bitbucket-branch-source-2.9.11","cloudbees-bitbucket-branch-source-2.9.12","cloudbees-bitbucket-branch-source-2.9.2","cloudbees-bitbucket-branch-source-2.9.3","cloudbees-bitbucket-branch-source-2.9.4","cloudbees-bitbucket-branch-source-2.9.5","cloudbees-bitbucket-branch-source-2.9.6","cloudbees-bitbucket-branch-source-2.9.7","cloudbees-bitbucket-branch-source-2.9.8","cloudbees-bitbucket-branch-source-2.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-20618.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}