943 matches found
Atlassian Bitbucket - Remote Command Injection
Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...
Open Redirect
Overview org.jenkins-ci.plugins:bitbucket-oauth is a Jenkins Plugin that supports authentication via Bitbucket OAuth. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious sites by craftin...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-48924
The CVE-2026-48924 entry concerns Jenkins Bitbucket OAuth Plugin affected in versions 0.17 and earlier. The root cause is insufficient validation of the redirect URL after login, which enables phishing attacks by deceiving users during OAuth flow. The impact is phishing risk; no exploitation deta...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
EUVD-2026-32515
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Jenkins Bitbucket OAuth Plugin 安全漏洞
The Jenkins Bitbucket OAuth Plugin is an open-source identity authentication plugin for Jenkins. Versions of the Jenkins Bitbucket OAuth Plugin prior to 0.17 contain security vulnerabilities. These vulnerabilities stem from the lack of restrictions on the redirection URL after login, which may...
PT-2026-44017
Name of the Vulnerable Software and Affected Versions Jenkins Bitbucket OAuth Plugin versions prior to 0.18 Description The plugin fails to restrict the redirect URL after the login process, which enables attackers to conduct phishing attacks via open redirection. Recommendations Update to a...
Astra Linux - уязвимость в ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...
DoS (Denial of Service) in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1 and 10.0.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
DoS (Denial of Service) ua-parser-js Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.4.12, 10.0.1, and 10.1.1 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
XSS (Cross Site Scripting) dompurify Dependency in Bitbucket Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 8.19.0, 9.0.1, and 10.0.0 of Bitbucket Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticate...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
Contagious Interview: Malware delivered through fake developer job interviews
Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...
Backstage vulnerable to potential reading of SCM URLs using built in token
Impact A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...
GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token
Impact A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...
GitLab 11.2 < 18.7.5 / 18.8 < 18.8.5 / 18.9 < 18.9.1 (CVE-2026-2845)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of...
BIT-GITLAB-2026-2845 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses...
Linux Distros Unpatched Vulnerability : CVE-2026-1725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated...