CVE-2024-39460

MEDIUM

Jenkins Bitbucket Branch Source - Log Information Exposure

Title source: rule

Description

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

References (2)

[Vendor Advisory] https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363

[Mailing List] http://www.openwall.com/lists/oss-security/2024/06/26/2

Scores

CVSS v3 4.3

EPSS 0.0021

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

jenkins/bitbucket_branch_source < 886.v44cf5e4ecec5

org.jenkins-ci.plugins/cloudbees-bitbucket-branch-source 0 - 887.vaMaven

Published Jun 26, 2024

Tracked Since Feb 18, 2026