pkg:maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Type maven

Namespace org.jenkins-ci.plugins

Name cloudbees-bitbucket-branch-source

Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source package.

Repository: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

High 2

Moderate 3

Medium 3

Type	Version	Distribution	# CVEs	# Advisory ID	Title	Severity	Published
Affected	<= 737.vdf9dc06105be		CVE-2022-20618	JENKINS:SECURITY-2033	Missing permission checks in `cloudbees-bitbucket-branch-source` allow enumerating credentials IDs	medium	2022-01-12T00:00:00 (2 years ago)
Fixed	= 746.v350d2781c184		CVE-2022-20618	JENKINS:SECURITY-2033	Missing permission checks in `cloudbees-bitbucket-branch-source` allow enumerating credentials IDs	medium	2022-01-12T00:00:00 (2 years ago)
Affected	<= 737.vdf9dc06105be		CVE-2022-20619	JENKINS:SECURITY-2467	CSRF vulnerability in `cloudbees-bitbucket-branch-source` allows capturing credentials	high	2022-01-12T00:00:00 (2 years ago)
Fixed	= 746.v350d2781c184		CVE-2022-20619	JENKINS:SECURITY-2467	CSRF vulnerability in `cloudbees-bitbucket-branch-source` allows capturing credentials	high	2022-01-12T00:00:00 (2 years ago)
Affected	<= 866.vdea_7dcd3008e		CVE-2024-28152	JENKINS:SECURITY-3300	Incorrect trust policy behavior for pull requests from forks in `cloudbees-bitbucket-branch-source`	medium	2024-03-06T00:00:00 (6 months ago)
Fixed	= 871.v28d74e8b_4226		CVE-2024-28152	JENKINS:SECURITY-3300	Incorrect trust policy behavior for pull requests from forks in `cloudbees-bitbucket-branch-source`	medium	2024-03-06T00:00:00 (6 months ago)
Affected	<= 886.v44cf5e4ecec5		CVE-2024-39460	JENKINS:SECURITY-3363	Bitbucket OAuth access token exposed in the build log by `cloudbees-bitbucket-branch-source`	medium	2024-06-26T00:00:00 (2 months ago)
Fixed	= 887.va_d359b_3d2d8d		CVE-2024-39460	JENKINS:SECURITY-3363	Bitbucket OAuth access token exposed in the build log by `cloudbees-bitbucket-branch-source`	medium	2024-06-26T00:00:00 (2 months ago)
Affected	< 871.v28d74e8b4226		CVE-2024-28152	MAVEN:GHSA-M4RM-X2RR-357W	Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests	moderate	2024-03-06T18:30:38 (6 months ago)
Fixed	= 871.v28d74e8b_4226		CVE-2024-28152	MAVEN:GHSA-M4RM-X2RR-357W	Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests	moderate	2024-03-06T18:30:38 (6 months ago)
Affected	< 2.9.7.2 >= 2.9.8, < 2.9.11.2 >= 720.vbe985dd73d66, < 725.vd9f8be0fa250 >= 726.v7e6f53de133c, < 746.v350d2781c184		CVE-2022-20618	MAVEN:GHSA-W2MH-6XJ5-F77F	Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin	moderate	2022-01-13T00:01:02 (2 years ago)
Fixed	= 2.9.7.2 = 2.9.11.2 = 725.vd9f8be0fa250 = 746.v350d2781c184		CVE-2022-20618	MAVEN:GHSA-W2MH-6XJ5-F77F	Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin	moderate	2022-01-13T00:01:02 (2 years ago)
Affected	< 2.9.7.2 >= 2.9.8, < 2.9.11.2 >= 720.vbe985dd73d66, < 725.vd9f8be0fa250 >= 726.v7e6f53de133c, < 746.v350d2781c184		CVE-2022-20619	MAVEN:GHSA-W4JV-6RG4-PR4M	Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin	high	2022-01-13T00:01:00 (2 years ago)
Fixed	= 2.9.7.2 = 2.9.11.2 = 725.vd9f8be0fa250 = 746.v350d2781c184		CVE-2022-20619	MAVEN:GHSA-W4JV-6RG4-PR4M	Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin	high	2022-01-13T00:01:00 (2 years ago)
Affected	<= 886.v44cf5e4ecec5		CVE-2024-39460	MAVEN:GHSA-X8MF-JCMF-R79F	Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin	moderate	2024-06-26T18:30:28 (2 months ago)
Fixed	= 887.va		CVE-2024-39460	MAVEN:GHSA-X8MF-JCMF-R79F	Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin	moderate	2024-06-26T18:30:28 (2 months ago)