Bitbucket Server Integration Security Vulnerabilities and Issues — Bitbucket Server Integration CVE List

Lucene search

JenkinsBitbucket Server Integration

3 matches found

CVE•added 2022/03/29 1:15 p.m.•124 views

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

5.5CVSS5.2AI score0.00906EPSS

CVE•added 2022/03/29 1:15 p.m.•99 views

CVE-2022-28133

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.

5.4CVSS5.2AI score0.31598EPSS

CVE•added 2025/01/22 5:15 p.m.•62 views

CVE-2025-24398

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

8.8CVSS6.9AI score0.00102EPSS