pkg:maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source
Type
maven
Namespace
org.jenkins-ci.plugins
Name
cloudbees-bitbucket-branch-source
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source package.
High
2
Moderate
3
Medium
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 737.vdf9dc06105be |
CVE-2022-20618
|
JENKINS:SECURITY-2033 | Missing permission checks in `cloudbees-bitbucket-branch-source` allow enumerating credentials IDs | medium |
2022-01-12T00:00:00
(2 years ago) |
|
Fixed | = 746.v350d2781c184 |
CVE-2022-20618
|
JENKINS:SECURITY-2033 | Missing permission checks in `cloudbees-bitbucket-branch-source` allow enumerating credentials IDs | medium |
2022-01-12T00:00:00
(2 years ago) |
|
Affected | <= 737.vdf9dc06105be |
CVE-2022-20619
|
JENKINS:SECURITY-2467 | CSRF vulnerability in `cloudbees-bitbucket-branch-source` allows capturing credentials | high |
2022-01-12T00:00:00
(2 years ago) |
|
Fixed | = 746.v350d2781c184 |
CVE-2022-20619
|
JENKINS:SECURITY-2467 | CSRF vulnerability in `cloudbees-bitbucket-branch-source` allows capturing credentials | high |
2022-01-12T00:00:00
(2 years ago) |
|
Affected | <= 866.vdea_7dcd3008e |
CVE-2024-28152
|
JENKINS:SECURITY-3300 | Incorrect trust policy behavior for pull requests from forks in `cloudbees-bitbucket-branch-source` | medium |
2024-03-06T00:00:00
(6 months ago) |
|
Fixed | = 871.v28d74e8b_4226 |
CVE-2024-28152
|
JENKINS:SECURITY-3300 | Incorrect trust policy behavior for pull requests from forks in `cloudbees-bitbucket-branch-source` | medium |
2024-03-06T00:00:00
(6 months ago) |
|
Affected | <= 886.v44cf5e4ecec5 |
CVE-2024-39460
|
JENKINS:SECURITY-3363 | Bitbucket OAuth access token exposed in the build log by `cloudbees-bitbucket-branch-source` | medium |
2024-06-26T00:00:00
(2 months ago) |
|
Fixed | = 887.va_d359b_3d2d8d |
CVE-2024-39460
|
JENKINS:SECURITY-3363 | Bitbucket OAuth access token exposed in the build log by `cloudbees-bitbucket-branch-source` | medium |
2024-06-26T00:00:00
(2 months ago) |
|
Affected | < 871.v28d74e8b4226 |
CVE-2024-28152
|
MAVEN:GHSA-M4RM-X2RR-357W | Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests | moderate |
2024-03-06T18:30:38
(6 months ago) |
|
Fixed | = 871.v28d74e8b_4226 |
CVE-2024-28152
|
MAVEN:GHSA-M4RM-X2RR-357W | Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests | moderate |
2024-03-06T18:30:38
(6 months ago) |
|
Affected | < 2.9.7.2 >= 2.9.8, < 2.9.11.2 >= 720.vbe985dd73d66, < 725.vd9f8be0fa250 >= 726.v7e6f53de133c, < 746.v350d2781c184 |
CVE-2022-20618
|
MAVEN:GHSA-W2MH-6XJ5-F77F | Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin | moderate |
2022-01-13T00:01:02
(2 years ago) |
|
Fixed | = 2.9.7.2 = 2.9.11.2 = 725.vd9f8be0fa250 = 746.v350d2781c184 |
CVE-2022-20618
|
MAVEN:GHSA-W2MH-6XJ5-F77F | Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin | moderate |
2022-01-13T00:01:02
(2 years ago) |
|
Affected | < 2.9.7.2 >= 2.9.8, < 2.9.11.2 >= 720.vbe985dd73d66, < 725.vd9f8be0fa250 >= 726.v7e6f53de133c, < 746.v350d2781c184 |
CVE-2022-20619
|
MAVEN:GHSA-W4JV-6RG4-PR4M | Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin | high |
2022-01-13T00:01:00
(2 years ago) |
|
Fixed | = 2.9.7.2 = 2.9.11.2 = 725.vd9f8be0fa250 = 746.v350d2781c184 |
CVE-2022-20619
|
MAVEN:GHSA-W4JV-6RG4-PR4M | Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin | high |
2022-01-13T00:01:00
(2 years ago) |
|
Affected | <= 886.v44cf5e4ecec5 |
CVE-2024-39460
|
MAVEN:GHSA-X8MF-JCMF-R79F | Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin | moderate |
2024-06-26T18:30:28
(2 months ago) |
|
Fixed | = 887.va |
CVE-2024-39460
|
MAVEN:GHSA-X8MF-JCMF-R79F | Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin | moderate |
2024-06-26T18:30:28
(2 months ago) |