CVE-2023-41937: Jenkins Bitbucket Push&PR <=2.8.3 Credential Leak via Webhook
CVE-2023-41937 Published on September 6, 2023

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.

Vendor Advisory NVD

Products Associated with CVE-2023-41937

Want to know whenever a new CVE is published for Jenkins Bitbucket Push Pull Request? stack.watch will email you.

Jenkins Bitbucket Push Pull Request

Affected Versions

Jenkins Project Jenkins Bitbucket Push and Pull Request Plugin:

Version 2.4.0, <= 2.8.3 is affected.

Exploit Probability

EPSS

0.07%

Percentile

21.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2023-41937: Jenkins Bitbucket Push&PR <=2.8.3 Credential Leak via WebhookCVE-2023-41937 Published on September 6, 2023

Products Associated with CVE-2023-41937

Affected Versions

Exploit Probability

CVE-2023-41937: Jenkins Bitbucket Push&PR <=2.8.3 Credential Leak via Webhook
CVE-2023-41937 Published on September 6, 2023