CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Bitbucket Server Integration >> 1.0.3 Security Vulnerabilities

CVE-2022-28133

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.

CVSS Score

5.4

EPSS Score

0.316

Published

2022-03-29

CVE-2022-28134

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

CVSS Score

5.4

EPSS Score

0.009

Published

2022-03-29

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Bitbucket Server Integration >> 1.0.3 Security Vulnerabilities

Products

Pricing

Contact Us