CVE-2026-48924

Summary

Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Bitbucket OAuth Plugin0 <= 0.17affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References