Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-41937 Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. | CVSS3: 7.5 | 0% Low | more than 2 years ago |
| GHSA-vrpg-c7c4-8mpx SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials | CVSS3: 7.5 | 0% Low | more than 2 years ago |