Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.
Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.
Permalink: https://github.com/advisories/GHSA-x8mf-jcmf-r79fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-x8mf-jcmf-r79f, CVE-2024-39460
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-39460
- https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363
- http://www.openwall.com/lists/oss-security/2024/06/26/2
- https://github.com/jenkinsci/bitbucket-branch-source-plugin/commit/ad359b3d2d8d6c114025d81abc59b3c9acb636df
- https://github.com/advisories/GHSA-x8mf-jcmf-r79f
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Affected Version Ranges: <= 886.v44cf5e4ecec5Fixed in: 887.va