Maven package
io.jenkins.plugins/atlassian-bitbucket-server-integration
pkg:maven/io.jenkins.plugins/atlassian-bitbucket-server-integration
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24398 | — | | | >= 2.1.0, < 4.1.4 | 4.1.4 | Jan 22, 2025 | Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. |
| CVE-2022-28134 | — | | | < 3.2.0 | 3.2.0 | Mar 29, 2022 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. |
| CVE-2022-28133 | — | | | >= 2.0.0, < 3.2.0 | 3.2.0 | Mar 29, 2022 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. |