CVE-2022-28133

2022-03-2912:30:43

jenkins

www.cve.org

jenkins

bitbucket server

integration

plugin

3.1.0

xss

vulnerability

oauth

consumers

bitbucket server

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.

CNA Affected

[
  {
    "product": "Jenkins Bitbucket Server Integration Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]