Maven package
org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source
pkg:maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39460 | — | | | < 887.va | 887.va | Jun 26, 2024 | Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. |
| CVE-2024-28152 | — | | | < 871.v28d74e8b_4226 | 871.v28d74e8b_4226 | Mar 6, 2024 | In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when u |
| CVE-2022-20619 | — | | | >= 726.v7e6f53de133c, < 746.v350d2781c184 | 746.v350d2781c184 | Jan 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials store |
| CVE-2022-20618 | — | | | >= 726.v7e6f53de133c, < 746.v350d2781c184 | 746.v350d2781c184 | Jan 12, 2022 | A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. |