Bitbucket OAuth Access Token Disclosure Vulnerability
CVE-2024-39460

Currently unrated

Key Information:

Vendor
Jenkins
Status
Jenkins Bitbucket Branch Source Plugin
Vendor
CVE Published:
26 June 2024

Summary

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Affected Version(s)

Jenkins Bitbucket Branch Source Plugin 0 <= 886.v44cf5e4ecec5

References

https://www.jenkins.io/security/advisory/2024-06-26/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/06/26/2

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.