Bitbucket OAuth Access Token Disclosure Vulnerability
CVE-2024-39460

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Bitbucket Branch Source Plugin
Vendor: CVE Published:; 26 June 2024

What is CVE-2024-39460?

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Affected Version(s)

Jenkins Bitbucket Branch Source Plugin 0 <= 886.v44cf5e4ecec5

References

https://www.jenkins.io/security/advisory/2024-06-26/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/06/26/2

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2024
Vulnerability Reserved
Jun 25, 2024