Vulnerability Details CVE-2026-48924
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 11.9%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-48924
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.1
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.10
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.11
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.12
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.13
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.14
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.15
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.16
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.17
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.2
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.3
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.4
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.5
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.6
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.7
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.8
-
cpe:2.3:a:jenkins:bitbucket_oauth:0.9