5 matches found
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers...
Missing permission checks in Jenkins Bitbucket Server Integration Plugin
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...
CVE-2022-28134
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers...
CVE-2022-28133
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers...
PT-2022-18832 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier
Description: The issue allows attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers due to a lack of permission checks in several...