PT-2026-51799 · Jenkins · Jenkins Bitbucket Push/Pull Request Plugin

Published: 2026-06-24 · Updated: 2026-06-24 · CVE-2026-57289

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.

Fix

Improper Certificate Validation


Weakness Enumeration

Related Identifiers: CVE-2026-57289

Affected Products: Jenkins Bitbucket Push/Pull Request Plugin