China National Vulnerability Database: CNVD-2022-54948
Mar 31, 2022 - 12:00 a.m.

Jenkins Bitbucket Server Integration Plugin Cross-Site Scripting Vulnerability

www.cnvd.org.cn
Tags: jenkins, bitbucket server, integration plugin, cross-site scripting, vulnerability, oauth, javascript, client side, security document

EPSS: 0.001 (Percentile: 22.0%)

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier versions are affected by a cross-site scripting vulnerability. It stems from the integration plugin not restricting the URL scheme for callback URLs on OAuth users; an attacker able to create Bitbucket Server consumers could exploit the vulnerability to execute JavaScript code on the client side.
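
The missing check described above, sketched as an added example (not code from the plugin or from CNVD): a validator that accepts a callback URL only when its scheme is on an allowlist and it names a host. The class and method names, the http/https allowlist and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class CallbackUrlCheck {
    // Assumption: only http and https are legitimate callback schemes.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Returns true only for an absolute http(s) URL that names a host. */
    static boolean isSafeCallbackUrl(String raw) {
        if (raw == null || raw.isBlank()) {
            return false;
        }
        // Reject whitespace and control characters anywhere in the value:
        // browsers strip tabs and newlines before resolving the scheme,
        // so "java\tscript:" would otherwise slip past a string comparison.
        if (raw.chars().anyMatch(c -> c <= 0x20 || c == 0x7f)) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false;
        }
        // Schemes are case-insensitive; a missing scheme (relative or
        // scheme-relative URL) is rejected as well.
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return false;
        }
        // Opaque forms such as "https:app.example.test/cb" carry no host.
        return uri.getHost() != null && !uri.getHost().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        List<String> samples = List.of(
            "https://app.example.test/oauth/callback",
            "HTTPS://app.example.test/oauth/callback",
            "javascript:alert(document.domain)",
            "JaVaScRiPt:alert(1)",
            "java\tscript:alert(1)",
            "data:text/html,x",
            "//app.example.test/cb",
            "https:app.example.test/cb");
        for (String s : samples) {
            System.out.println((isSafeCallbackUrl(s) ? "accept  " : "reject  ") + s);
        }
    }
}
```

A check like this belongs where the callback URL is stored; the value should still be output-encoded wherever it is rendered.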
