Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2025-24398
- EPSS 0.13%
- Published 22.01.2025 17:15:13
- Last modified 06.06.2025 15:23:36
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
5.4
CVE-2022-28133
- EPSS 31.6%
- Published 29.03.2022 13:15:08
- Last modified 21.11.2024 06:56:48
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server con...
5.5
CVE-2022-28134
- EPSS 0.91%
- Published 29.03.2022 13:15:08
- Last modified 21.11.2024 06:56:49
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
1