) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jenkins:bitbucket_oauth:0.4:*:*:*:*:jenkins:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-24428 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. Published: January 26, 2023; 4:18:17 PM -0500 |
V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
| CVE-2023-24427 |
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. Published: January 26, 2023; 4:18:16 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2019-10460 |
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Published: October 23, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 2.1 LOW |