4.3
CVE-2026-48924
- EPSS 0.22%
- Veröffentlicht 27.05.2026 15:16:32
- Zuletzt bearbeitet 28.05.2026 16:59:48
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Bitbucket Oauth SwPlatformjenkins Version <= 0.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3761