Vulnerability Description
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Bitbucket Branch Source | <= 886.v44cf5e4ecec5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/06/26/2 (Mailing List)
- https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363 (Vendor Advisory)
FAQ
What is CVE-2024-39460?
CVE-2024-39460 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.
How severe is CVE-2024-39460?
CVE-2024-39460 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-39460?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Bitbucket Branch Source.