CNNVD-202510-3998 Information

CNNVD ID

CNNVD-202510-3998

Related CVE

CVE-2025-64148

• CNNVD Published: 2025-10-29

Description (Chinese)

Jenkins Publish to Bitbucket Plugin是Jenkins开源的一个自动化发布插件。 Jenkins Publish to Bitbucket Plugin 0.4及之前版本存在安全漏洞，该漏洞源于缺少权限检查，可能导致攻击者枚举Jenkins中存储的凭据ID。

Description (English)

Jenkins Public to Bitbucket Plugin is an automated distribution plugin for Jenkins open source. There is a security loophole in Jenkins Publish to Bitbucket Plugin 0.4 and earlier versions, which stems from a lack of access checks, which could lead the attackers to quote the ID stored in Jenkins.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3570 https://access.redhat.com/security/cve/cve-2025-64148

Patch

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3570