{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-39460", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-06-25T08:12:57.626Z", "datePublished": "2024-06-26T17:06:27.695Z", "dateUpdated": "2024-08-02T04:26:15.217Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-06-26T17:06:27.695Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Bitbucket Branch Source Plugin", "versions": [{"version": "0", "versionType": "maven", "lessThanOrEqual": "886.v44cf5e4ecec5", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}], "references": [{"name": "Jenkins Security Advisory 2024-06-26", "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:00:11.418148Z", "id": "CVE-2024-39460", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:00:20.037Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.217Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-06-26", "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "name": "Jenkins Security Advisory 2024-06-26", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.217Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39460", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:00:11.418148Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:00:17.056Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins Bitbucket Branch Source Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "886.v44cf5e4ecec5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "name": "Jenkins Security Advisory 2024-06-26", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-06-26T17:06:27.695Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39460", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:26:15.217Z", "dateReserved": "2024-06-25T08:12:57.626Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-06-26T17:06:27.695Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}, {"lang": "es", "value": " El complemento Jenkins Bitbucket Branch Source 886.v44cf5e4ecec5 y anteriores imprime el token de acceso Bitbucket OAuth como parte de la URL de Bitbucket en el registro de compilaci\u00f3n en algunos casos."}], "id": "CVE-2024-39460", "lastModified": "2024-06-27T12:47:19.847", "metrics": {}, "published": "2024-06-26T17:15:27.180", "references": [{"source": "jenkinsci-cert@googlegroups.com", "url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "jenkins: bitbucket: Improper neutralization of OAuth credentials", "id": "2294464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294464"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-117", "details": ["Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.", "A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket URL."], "name": "CVE-2024-39460", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39460\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39460\nhttp://www.openwall.com/lists/oss-security/2024/06/26/2\nhttps://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"], "threat_severity": "Low"}