GHSA-x8mf-jcmf-r79f

Source
https://github.com/advisories/GHSA-x8mf-jcmf-r79f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-x8mf-jcmf-r79f/GHSA-x8mf-jcmf-r79f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x8mf-jcmf-r79f
Aliases
  • CVE-2024-39460
Published
2024-06-26T18:30:28Z
Modified
2024-06-26T20:13:25.252230Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Details

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.

Database specific
{
    "nvd_published_at": "2024-06-26T17:15:27Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-26T20:00:03Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source

Package

Name
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Purl
pkg:maven/org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
887.va

Affected versions

1.*

1.3
1.4
1.5
1.7
1.8
1.9

2.*

2.0.0-beta-1
2.0.0
2.0.1
2.0.2-beta-1
2.0.2
2.1.0
2.1.1-beta-1
2.1.1
2.1.2
2.2.0-alpha-1
2.2.0-alpha-4
2.2.0-beta-1
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.7.2
2.9.8
2.9.9
2.9.10
2.9.11
2.9.11.2

723.*

723.vbabdf19eb4c7

725.*

725.vd9f8be0fa250

726.*

726.vb0c1ea6c9336

731.*

731.v1f980b7eba32

734.*

734.v2f848c5e6ea2

737.*

737.vdf9dc06105be

746.*

746.v350d2781c184

751.*

751.vda_24678a_f781

756.*

756.v081ee2205040

757.*

757.vddedc5f2589a_

762.*

762.v969cfe087fc0

765.*

765.v5a_2d6a_23c01d

773.*

773.v4b_9b_005b_562b_

784.*

784.v7fcdc7c670f6

785.*

785.ve724eb_44e286

791.*

791.vb_eea_a_476405b

796.*

796.v6cb_1559e1673

800.*

800.va_b_b_9a_a_5035c1

803.*

803.vd9c5e84c41fa_

804.*

804.v8b_0642650b_d2

805.*

805.v7f97d29dc0f5

809.*

809.vc1d904b_30426

820.*

820.v30b_e8c1e36f3

825.*

825.va_6a_dc46a_f97d

832.*

832.v43175a_425ea_6

843.*

843.vd09104df7988

845.*

845.v27a_d5823911b_

848.*

848.v42c6a_317eda_e
848.850.v6a_a_2a_234a_c81

856.*

856.v04c46c86f911

866.*

866.vdea_7dcd3008e

871.*

871.v28d74e8b_4226

872.*

872.vb_8fa_89198661

873.*

873.v0ed259216f8d

874.*

874.v659a_b_70f5e69

876.*

876.v857269a_5f439

877.*

877.vb_b_d5243f6794

878.*

878.v4a_79a_b_946282

880.*

880.vcf4056c5a_71f

883.*

883.v041fa_695e9c2

886.*

886.v44cf5e4ecec5

Database specific

{
    "last_known_affected_version_range": "<= 886.v44cf5e4ecec5"
}