Loading market data...
← Back to CVE feed

CVE-2026-57289

MEDIUM CVSS 4.8 View on NVD ↗

Description

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Published: Jun 24, 2026 14:17 UTC Modified: Jun 24, 2026 15:16 UTC