Vulnerability in Jenkins Bitbucket Plugin Exposes Credentials
CVE-2023-41937

7.5HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Bitbucket Push And Pull Request Plugin
Vendor: CVE Published:; 6 September 2023

What is CVE-2023-41937?

The Jenkins Bitbucket Push and Pull Request Plugin, versions 2.4.0 to 2.8.3, improperly trusts values in webhook payloads. This flaw allows attackers to send specially crafted webhook requests that can deceive the plugin into connecting to arbitrary URLs, leading to the exposure of sensitive Bitbucket credentials stored within Jenkins. This vulnerability emphasizes the need for stringent validation of incoming data and robust security measures to protect critical user information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 <= 2.8.3

References

https://www.jenkins.io/security/advisory/2023-09-06/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/09/06/9

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Sep 5, 2023

JSON

Jenkins

What is CVE-2023-41937?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.