Vulnerability Details CVE-2026-57289
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 0.9%
CVSS Severity
CVSS v3 Score 4.8