CVE-2024-39460 – org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Package

Manager: maven
Name: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Vulnerable Version: >=0 <887.va

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00151 pctl0.36281

Details

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.

Metadata

Created: 2024-06-26T18:30:28Z
Modified: 2024-06-26T20:00:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-x8mf-jcmf-r79f/GHSA-x8mf-jcmf-r79f.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-x8mf-jcmf-r79f
Finding: F009
Auto approve: 1