CVE-2026-57289_CVE-2026-57289

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.

Basic Information

ID CVE-2026-57289

Source jenkins

Published Jun 24, 2026 at 13:20

Modified Jun 24, 2026 at 14:15

Affected Product

Vendor Jenkins Project

Product Jenkins Bitbucket Push and Pull Request Plugin

Affected Versions Jenkins Project Jenkins Bitbucket Push and Pull Request Plugin 0

CWE Classification

CWE-295

References

www.jenkins.io /security/advisory/2026-06-24/

{
    "lastseen": "",
    "description": "Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.",
    "published": "2026-06-24T13:20:09.247Z",
    "modified": "2026-06-24T14:15:52.030Z",
    "type": "cve",
    "title": "CVE-2026-57289",
    "source": "jenkins",
    "references": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3856",
    "id": "CVE-2026-57289",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "Jenkins Project Jenkins Bitbucket Push and Pull Request Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jenkins Bitbucket Push and Pull Request Plugin",
    "version": "0",
    "vendor": "Jenkins Project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}