34 matches found
CVE-2026-57289
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Session Fixation
Jenkins Bitbucket OAuth Plugin is vulnerable to session fixation. The vulnerability is due to the plugin not invalidating the previous session on login, where an attacker can reuse an existing session and gain unauthorized access...
CVE-2025-64148
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
EUVD-2025-36645
Jenkins Publish to Bitbucket Plugin is missing a permissions check...
EUVD-2025-36643
Jenkins Publish to Bitbucket Plugin is missing a permissions check...
EUVD-2025-36644
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check...
GHSA-M244-6MFF-P355 Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-V549-7PM5-F8QR Jenkins Publish to Bitbucket Plugin is missing a permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the...
Missing Authorization
Overview: org.jenkins-ci.plugins:publish-to-bitbucket is a plugin that publishes the current code to a Bitbucket server by creating a new repository and/or project. It creates a Bitbucket repository and associated project from the current code. Features: Creates Bitbucket repository based on the curre...
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
Jenkins Publish to Bitbucket Plugin is missing a permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-WPR5-RC2J-99P2 Jenkins Publish to Bitbucket Plugin is missing a permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2025-64149
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...