Unrated severityNVD Advisory· Published Jun 24, 2026· Updated Jun 24, 2026

CVE-2026-57289

Description

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/Bitbucket Push and Pull Request Pluginllm-fuzzy
Range: <=3.3.8

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2026-06-24/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2026-06-24
Jenkins Security Advisories · Jun 24, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000