CVE-2024-39460

EPSS 0.21%
Veröffentlicht 26.06.2024 17:15:27
Zuletzt bearbeitet 10.10.2025 15:29:17
Quelle jenkinsci-cert@googlegroups.co
CVE-Watchlists
Login
Unerledigt
Login

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Bitbucket Branch Source SwPlatformjenkins Version <= 886.v44cf5e4ecec5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.434

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

http://www.openwall.com/lists/oss-security/2024/06/26/2

Mailing List

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39460

EUVD