← Back

Bitbucket Server Integration

bitbucket_server_integration

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-24398
1Jenkins
1Bitbucket Server Integration
Jun 6, 2025
Jan 22, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
CVE-2022-28134
1Jenkins
1Bitbucket Server Integration
Nov 21, 2024
Mar 29, 2022
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server con...Show more
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.Show less
CVE-2022-28133
1Jenkins
1Bitbucket Server Integration
Nov 21, 2024
Mar 29, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able...Show more
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.Show less