CVE-2024-39460
MEDIUM 4.3, EPSS 0.21%
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Published: 2024/6/26, Modified: 2024/6/26
Description
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.
Affected packages (1)
- Maven/org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source from 0, < 887.va
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-39460
- PATCH https://github.com/jenkinsci/bitbucket-branch-source-plugin
- WEB https://github.com/jenkinsci/bitbucket-branch-source-plugin/commit/ad359b3d2d8d6c114025d81abc59b3c9acb636df
- WEB https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363
- WEB http://www.openwall.com/lists/oss-security/2024/06/26/2