Vulnerability Details CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.0%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-48924
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.1
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.10
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.11
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.12
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.13
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.2
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.3
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.4
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.5
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.6
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.7
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.8
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.9