CVE-2024-39460

MEDIUM

Jenkins Bitbucket Branch Source Plugin <= 886.v44cf5e4ecec5 - Sensitive Information Exposure in Build Log

Title source: llm

Description

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363

Mailing List

http://www.openwall.com/lists/oss-security/2024/06/26/2

Scores

CVSS v3 4.3

EPSS 0.0049

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

jenkins/bitbucket_branch_source < 886.v44cf5e4ecec5

org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source 0 - 887.vaMaven

Published Jun 26, 2024

Tracked Since Feb 18, 2026