CVE-2024-39460

CWE-532 — Log File Information Exposure CWE-1176 documents6 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 56.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Bitbucket Branch Source Plugin Jenkins Bitbucket Branch Source

Timeline

PublishedJun 26

Description

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:cloudbees-bitbucket-branch-source< 887.va

▶CVEListV5jenkins_project/jenkins_bitbucket_branch_source_plugin886.v44cf5e4ecec5

▶NVDjenkins/bitbucket_branch_source886.v44cf5e4ecec5

🔴Vulnerability Details

GHSA

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin↗2024-06-26

▶

OSV

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin↗2024-06-26

▶

CVEList

CVE-2024-39460: Jenkins Bitbucket Branch Source Plugin 886↗2024-06-26

▶

📋Vendor Advisories

Red Hat

jenkins: bitbucket: Improper neutralization of OAuth credentials↗2024-06-26

▶

Jenkins

Jenkins Security Advisory 2024-06-26↗2024-06-26

▶