Bitbucket Push and Pull Request Plugin

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-57289	Jenkins Project Bitbucket Push and Pull Request Plugin		0.00	—	—		Jun 24, 2026	Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept…
CVE-2023-41937	Jenkins Project Bitbucket Push and Pull Request Plugin		0.00	—	0.01		Sep 6, 2023	Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials…

CVE-2026-57289Jun 24, 2026
Jenkins Project
Bitbucket Push and Pull Request Plugin
risk 0.00cvss —epss —
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept…
CVE-2023-41937Sep 6, 2023
Jenkins Project
Bitbucket Push and Pull Request Plugin
risk 0.00cvss —epss 0.01
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials…