Search Results
- Keyword (text search): cpe:2.3:a:jenkins:bitbucket_oauth:0.9:*:*:*:*:jenkins:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-24428 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. Published: January 26, 2023; 4:18:17 PM -0500 | V4.0: (not available); V3.1: 5.7 MEDIUM; V2.0: (not available) |
CVE-2023-24427 | Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. Published: January 26, 2023; 4:18:16 PM -0500 | V4.0: (not available); V3.1: 9.8 CRITICAL; V2.0: (not available) |
CVE-2019-10460 | Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Published: October 23, 2019; 9:15:10 AM -0400 | V4.0: (not available); V3.1: 7.8 HIGH; V2.0: 2.1 LOW |