CVE-2026-57289
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-57289
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jenkins Project | Jenkins Bitbucket Push and Pull Request Plugin | 0 ~ 3.3.8 | - |
II. Public POCs for CVE-2026-57289
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-57289
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-57289 (1)
Same Patch Batch · Jenkins Project · 2026-06-24 · 28 CVEs total
| CVE-2026-57293 | Jenkins Gitee插件1288.v18b及之前版本权限检查错误漏洞 | |
| CVE-2026-57280 | Jenkins Script Security Plugin插件漏洞 | |
| CVE-2026-57282 | Jenkins Git client插件6.6.0及之前版本命令注入漏洞 | |
| CVE-2026-57281 | Jenkins Script Security插件沙箱绕过漏洞 | |
| CVE-2026-57283 | Jenkins Pipeline: Groovy Plugin CSRF漏洞 | |
| CVE-2026-57284 | Jenkins Pipeline Groovy插件实例化类型限制绕过 | |
| CVE-2026-57285 | Jenkins GitHub Branch Source插件权限绕过漏洞 | |
| CVE-2026-57287 | Jenkins相关插件信息泄露漏洞 | |
| CVE-2026-57286 | Jenkins Git Parameter Plugin信息泄露漏洞 | |
| CVE-2026-57288 | Jenkins Active Directory Plugin LDAP注入漏洞 | |
| CVE-2026-57291 | Jenkins Gitee插件1288.v18b_及以前版本存在越权漏洞 | |
| CVE-2026-57290 | Jenkins Priority Sorter插件CSRF漏洞 | |
| CVE-2026-57292 | Jenkins Gitee Plugin CSRF漏洞 | |
| CVE-2026-57294 | Jenkins EC2 Fleet Plugin越权读取AWS凭证漏洞 | |
| CVE-2026-57307 | Jenkins Zowe插件缺少权限检查致凭据泄露 | |
| CVE-2026-57295 | Jenkins EC2 Fleet Plugin CSRF漏洞 | |
| CVE-2026-57296 | Jenkins External Workspace Manager插件路径遍历致RCE | |
| CVE-2026-57297 | Jenkins Contrast插件3.11及之前版本存在SSRF漏洞 | |
| CVE-2026-57298 | Jenkins Contrast插件3.11及更早版本CSRF漏洞 | |
| CVE-2026-57299 | Contrast Plugin 3.11及之前版本权限检查缺失漏洞 |
Showing top 20 of 28 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-57289
No comments yet