Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs

Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.

Permalink: https://github.com/advisories/GHSA-x8mf-jcmf-r79f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 18 days ago
Updated: 18 days ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-x8mf-jcmf-r79f, CVE-2024-39460
References: Repository: https://github.com/jenkinsci/bitbucket-branch-source-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Affected Version Ranges: <= 886.v44cf5e4ecec5
Fixed in: 887.va