PT-2024-4652 · Jenkins · Jenkins Bitbucket Branch Source Plugin
Published 2024-06-18 · Updated 2025-10-10
CVE-2024-39460
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Jenkins Bitbucket Branch Source Plugin versions 886.v44cf5e4ecec5 and earlier
Description:
The issue is an information disclosure through log files. In some cases the plugin writes the Bitbucket OAuth access token into the build log as part of a Bitbucket URL, so anyone able to read that build log can recover the token. A remote attacker who obtains it could gain unauthorized access to protected information.
Recommendations:
For versions 886.v44cf5e4ecec5 and earlier, update to a version that no longer includes the Bitbucket OAuth access token in the Bitbucket URL written to the build log, such as version 887.vad359b_3d2d8d. As a temporary workaround, restrict access to the build log to reduce the risk of exploitation.
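Because the token lands in a log, a defender's first two questions are whether any existing build logs already contain one (so the token can be revoked and rotated) and how to keep such URLs out of logs that are shared further. The scanner below is an added example written for this page; it is not code from the advisory or from the Jenkins project. It assumes two common ways a credential can be embedded in a URL, userinfo of the form `user:secret@host` and an `access_token`-style query parameter, and the build-log lines it processes are constructed for the example, not real plugin output.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Picks URLs out of free-form log text (constructed for this example).
URL_RE = re.compile(r"https?://[^\s'\"<>]+")

# Query parameter names assumed to carry OAuth/bearer credentials.
SECRET_QUERY_KEYS = {"access_token", "token", "oauth_token"}

REDACTED = "[REDACTED]"


def redact_url(url):
    """Return (redacted_url, found); found is True if a credential was removed."""
    parts = urlsplit(url)
    netloc = parts.netloc
    found = False

    # Credential in the userinfo component: user:secret@host[:port].
    # rsplit on '@' keeps a port in the host part intact.
    if "@" in netloc:
        userinfo, host = netloc.rsplit("@", 1)
        if ":" in userinfo:  # a bare username is not a secret; only redact user:secret
            user, _secret = userinfo.split(":", 1)
            netloc = f"{user}:{REDACTED}@{host}"
            found = True

    # Credential carried as a query parameter, e.g. ?access_token=...
    query = parts.query
    pairs = parse_qsl(query, keep_blank_values=True)
    changed = False
    new_pairs = []
    for key, value in pairs:
        if key.lower() in SECRET_QUERY_KEYS and value:
            new_pairs.append((key, REDACTED))
            changed = True
        else:
            new_pairs.append((key, value))
    if changed:
        query = urlencode(new_pairs, safe="[]")  # keep the [REDACTED] marker readable
        found = True

    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment)), found


def scan_log(lines):
    """Scan build-log lines; return (redacted_lines, findings).

    findings is a list of (line_number, redacted_url). The raw secret is never
    re-emitted, so the findings list itself is safe to forward to a ticket.
    """
    redacted_lines = []
    findings = []
    for lineno, line in enumerate(lines, start=1):
        def _sub(match, lineno=lineno):
            url = match.group(0)
            trailing = ""
            # Sentence punctuation glued to a URL is not part of it.
            while url and url[-1] in ".,;:)":
                trailing = url[-1] + trailing
                url = url[:-1]
            new_url, found = redact_url(url)
            if found:
                findings.append((lineno, new_url))
            return new_url + trailing
        redacted_lines.append(URL_RE.sub(_sub, line))
    return redacted_lines, findings


# Constructed sample build log; EXAMPLE_TOKEN_abc123 is a placeholder, not a real token.
SAMPLE_LOG = [
    "Started by user admin",
    "Cloning the remote Git repository",
    "Cloning repository https://x-token-auth:EXAMPLE_TOKEN_abc123@bitbucket.org/acme/app.git",
    " > git fetch --tags https://bitbucket.org/acme/app.git +refs/heads/*:refs/remotes/origin/*",
    "Fetching https://api.bitbucket.org/2.0/repositories/acme/app/commits?access_token=EXAMPLE_TOKEN_abc123&page=2.",
    "Finished: SUCCESS",
]

if __name__ == "__main__":
    clean, hits = scan_log(SAMPLE_LOG)
    for lineno, url in hits:
        print(f"line {lineno}: credential-bearing URL -> {url}")
    print("\n".join(clean))
```

Run against archived build logs, a non-empty `findings` list means the corresponding token should be treated as exposed and revoked regardless of who has read the log; the redacted output is what to keep if logs are exported or shared. The check only covers URL-embedded credentials, which is the form this advisory describes; tokens printed on their own would need a separate pattern.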
Status: Fix available
Weakness Enumeration: Insertion into Log File
Related Identifiers: CVE-2024-39460
Affected Products: Jenkins; Jenkins Bitbucket Branch Source Plugin