CNNVD-202510-4000 Information

CNNVD ID

CNNVD-202510-4000

CVE-2025-64149

  • CNNVD Published: 2025-10-29

Description (Chinese)

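Jenkins Publish to Bitbucket Plugin is an open-source automated publishing plugin from Jenkins. Jenkins Publish to Bitbucket Plugin 0.4 and earlier contain a security vulnerability that stems from susceptibility to cross-site request forgery (CSRF) attacks and may lead to the capture of credentials stored in Jenkins.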

Description (English)

Jenkins Publish to Bitbucket Plugin is an open-source automated publishing plugin for Jenkins. Jenkins Publish to Bitbucket Plugin 0.4 and earlier are vulnerable to cross-site request forgery (CSRF) attacks, which could lead to the capture of credentials stored in Jenkins.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Jenkins

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3576

https://access.redhat.com/security/cve/cve-2025-64149

Patch

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3576
