CVE-2019-10460 — CVSS 7.8 (high): Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins…
CVE-2023-24428 — CVSS 5.7 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into…
CVE-2026-48924 — CVSS 4.3 (medium): Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing…