Skip to main content

Bitbucket Server Integration

3 CVEs product

Monthly

CVE-2025-24398 Maven HIGH PATCH This Month

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Bitbucket Server Integration
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-28134 Maven MEDIUM PATCH This Month

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Bitbucket Server Integration
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28133 Maven MEDIUM PATCH This Month

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Bitbucket Server Integration
NVD
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Bitbucket Server Integration
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Bitbucket Server Integration
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Bitbucket Server Integration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy