Jenkins Project Jenkins Bitbucket Oauth Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_bitbucket_oauth_plugin.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-24427 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ 0.12 | 2023-01-26
CWE-384
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
cvelistv5, nvd
CVE-2023-24428 | MEDIUM | CVSS 5.7 | ≥ unspecified, ≤ 0.12 | 2023-01-26
CWE-352
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
cvelistv5, nvd
CVE-2019-10460 | HIGH | CVSS 7.8 | v0.9 and earlier | 2019-10-23
CWE-522
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
cvelistv5, nvd