Jenkins Bitbucket OAuth Plugin Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability has been identified in the Jenkins Bitbucket OAuth Plugin, affecting versions 0.17 and earlier. The plugin does not restrict the URL it sends users to after they complete the OAuth login, so an attacker can craft a link to a legitimate Jenkins instance that, once the victim has authenticated, forwards them to an attacker-controlled site. Because the link the victim clicks points at a trusted Jenkins host, such links are well suited to phishing.

Impact

Exploitation requires user interaction: a victim must follow an attacker-supplied link to the Jenkins instance. After authenticating to the real Jenkins, the user lands on a fraudulent site where they can be tricked into entering credentials or other sensitive information, believing they are still on Jenkins.

Remediation

Users of the Jenkins Bitbucket OAuth Plugin are advised to update to version 0.18, which restricts the post-login redirect to relative Jenkins URLs only. After updating, confirm that the installed plugin version shown in the Jenkins plugin manager is 0.18 or later.
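The check the fix describes, allowing only relative Jenkins URLs as a post-login redirect target, is easy to get wrong: browser-side normalisation turns `/\evil.example` into `//evil.example`, and a protocol-relative `//host` path has no scheme but still leaves the site. The following is an added, standalone illustration of such a validator written for this page, not the Bitbucket OAuth Plugin's own code; the function names, the sample targets and the specific rejection rules (control characters, backslashes, protocol-relative paths) are this example's assumptions, not details taken from the plugin or the advisory.

```python
from urllib.parse import urlsplit

# Added example (not the plugin's implementation): a post-login redirect-target
# check in the spirit of the fix described above, which allows only relative
# Jenkins URLs. The rules below are this example's assumptions.


def is_safe_relative_redirect(target: str) -> bool:
    """Return True only if `target` is a path-relative URL on the current host.

    Accepted: a single leading '/', no scheme, no authority, no characters
    that a browser may strip or reinterpret before following the redirect.
    """
    if not target:
        return False
    # Control characters and whitespace: some browsers strip them, which can
    # let a scheme or authority reappear after our check has passed.
    if any(ord(c) <= 0x20 for c in target):
        return False
    # Browsers normalise '\' to '/', so '/\evil.example' becomes '//evil.example'.
    if "\\" in target:
        return False
    # Must start with exactly one '/': '//host/...' is protocol-relative and
    # sends the user to a different host even though it has no scheme.
    if not target.startswith("/") or target.startswith("//"):
        return False
    parts = urlsplit(target)
    # For a plain path urlsplit yields scheme='' and netloc=''; anything else
    # means the target names another origin.
    if parts.scheme or parts.netloc:
        return False
    return True


def vulnerable_redirect(requested: str, default: str = "/") -> str:
    """Pre-fix behaviour as the advisory describes it: trust the requested URL."""
    return requested or default


def hardened_redirect(requested: str, default: str = "/") -> str:
    """Post-fix behaviour: use the requested URL only if it stays on Jenkins,
    otherwise fall back to the default landing page."""
    return requested if is_safe_relative_redirect(requested) else default


def demo() -> dict:
    """Run constructed sample targets through both behaviours for comparison."""
    samples = [  # constructed inputs for illustration
        "/job/build-pipeline/",
        "https://evil.example/jenkins-login",
        "//evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "/http://evil.example",  # a same-host path, not an absolute URL
    ]
    return {s: (vulnerable_redirect(s), hardened_redirect(s)) for s in samples}


if __name__ == "__main__":
    for target, (before, after) in demo().items():
        print(f"{target!r:40} vulnerable -> {before!r:40} hardened -> {after!r}")
```

Note that `/http://evil.example` is accepted: it is a path on the same host, and the check is about origin, not about what the path looks like. Conversely, the hardened version falls back to the default landing page rather than raising an error, so a legitimate but malformed deep link degrades gracefully instead of breaking the login.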

Added: May 28, 2026, 4:40 AM
Updated: May 28, 2026, 4:40 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.2
exploitability: 6.2
remediation: 7.7
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.