Description
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.
Packages
Name
io.jenkins.plugins:atlassian-bitbucket-server-integration
maven
Affected versions: >= 2.0.0, < 3.2.0
Fixed version: 3.2.0
Related vulnerabilities
CVSS3: 5.4
nvd
almost 4 years ago
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.