89 matches found
CVE-2023-24428
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
Design/Logic Flaw
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...
Jenkins Plugin Bitbucket OAuth 授权问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-19587 · Jenkins · Jenkins Bitbucket Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier Description: The issue arises because the Jenkins Bitbucket OAuth Plugin does not invalidate the previous session on login, which can lead to potential security risks. Recommendations:...
CVE-2023-24428
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...
GHSA-84H6-JF8X-FF2J Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
org.jenkins-ci.plugins:google-storage-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10436 via org.jenkins-ci.plugins:google-oauth-plugin (=0.1)
org.jenkins-ci.plugins:google-oauth-plugin MAVEN version =0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:google-oauth-plugin and may be impacted: - org.jenkins-ci.plugins:google-storage-plugin =0.1, =0.4 Source cves:...
com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0789 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)
org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0789 Source advisory: OSV:GHSA-8P3C-M625-WH83...
Atlassian OAuth Plugin 1.3.0 < 1.9.12 / 2.0.0 < 2.0.4 Server-Side Request Forgery
Atlassian OAuth Plugin from version 1.3.0 to 1.9.11 and from version 2.0.0 to 2.0.3 allows remote attackers to make the target application act as a proxy and perform requests to internal or external resources through the IconUriServlet. Attackers may leverage this vulnerability to conduct...
Unspecified Vulnerability in CloudBees Jenkins Bitbucket OAuth Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Bitbucket OAuth Plugin is used in which a...
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
PT-2019-11854 · Jenkins · Jenkins Bitbucket Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.9 and earlier Jenkins Bitbucket OAuth Plugin prior to 0.10 Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkin...
Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the...
Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this...
Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue bu...
Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by a internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue...
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
Summary: An end point on ██████ allows an internal access to the network thus revealing sensitive data and allowing internal tunneling Description: OAuth Plugin allows you to provide a url that gives a snap shot of the web page. We can pass internal URLS and conduct SSRF. Impact Critical...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...