24 matches found
Open Redirect
Overview: org.jenkins-ci.plugins:bitbucket-oauth is a Jenkins Plugin that supports authentication via Bitbucket OAuth. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious sites by craftin...
CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Jenkins Bitbucket OAuth Plugin Security Vulnerability
The Jenkins Bitbucket OAuth Plugin is an open-source identity authentication plugin for Jenkins. Versions of the Jenkins Bitbucket OAuth Plugin prior to 0.17 contain security vulnerabilities. These vulnerabilities stem from the lack of restrictions on the redirection URL after login, which may...
EUVD-2024-32590
Malicious code in bioql PyPI...
EUVD-2023-0586
Malicious code in bioql PyPI...
EUVD-2022-3105
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-4024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versio...
CVE-2025-55750 Gitpod Classic Affected by Bitbucket OAuth Token Exposure via Redirect Fragment
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment...
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Jenkins plugins Multiple Vulnerabilities (2023-01-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
Design/Logic Flaw
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account...
Jenkins Plugin Bitbucket OAuth Authorization Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...
PT-2023-19587 · Jenkins · Jenkins Bitbucket Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier Description: The issue arises because the Jenkins Bitbucket OAuth Plugin does not invalidate the previous session on login, which can lead to potential security risks. Recommendations:...
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...