{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-39460", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-06-25T08:12:57.626Z", "datePublished": "2024-06-26T17:06:27.695Z", "dateUpdated": "2025-02-13T17:53:17.942Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-06-26T17:10:08.906Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Bitbucket Branch Source Plugin", "versions": [{"version": "0", "versionType": "maven", "lessThanOrEqual": "886.v44cf5e4ecec5", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}], "references": [{"name": "Jenkins Security Advisory 2024-06-26", "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:00:11.418148Z", "id": "CVE-2024-39460", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T15:59:03.401Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.217Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-06-26", "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "name": "Jenkins Security Advisory 2024-06-26", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.217Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39460", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:00:11.418148Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:00:17.056Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins Bitbucket Branch Source Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "886.v44cf5e4ecec5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363", "name": "Jenkins Security Advisory 2024-06-26", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-06-26T17:10:08.906Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39460", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:53:17.942Z", "dateReserved": "2024-06-25T08:12:57.626Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-06-26T17:06:27.695Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:bitbucket_branch_source:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "6DB1AFAB-11ED-4AC1-A5D9-E569FB092A07", "versionEndIncluding": "886.v44cf5e4ecec5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases."}, {"lang": "es", "value": " El complemento Jenkins Bitbucket Branch Source 886.v44cf5e4ecec5 y anteriores imprime el token de acceso Bitbucket OAuth como parte de la URL de Bitbucket en el registro de compilaci\u00f3n en algunos casos."}], "id": "CVE-2024-39460", "lastModified": "2025-10-10T15:29:17.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-26T17:15:27.180", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "jenkins: bitbucket: Improper neutralization of OAuth credentials", "id": "2294464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294464"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-117", "details": ["Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.", "A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket URL."], "name": "CVE-2024-39460", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Fix deferred", "package_name": "jenkins-2-plugins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39460\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39460\nhttp://www.openwall.com/lists/oss-security/2024/06/26/2\nhttps://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3363"], "threat_severity": "Low"}

{}