Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jenkins:bitbucket_server_integration:1.0:beta3:*:*:*:jenkins:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-28134 |
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. Published: March 29, 2022; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2022-28133 |
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. Published: March 29, 2022; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |