Tag
#bitbucket
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. In Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) this implementation is too permissive, allowing attackers to craft URLs that would bypass the CSRF protection of any target URL. Bitbucket Server Integration Plugin 4.1.4 disables CSRF protection only for the URLs that need it.
A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…
Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,
Consumers are being swamped by Google ads claiming to be eBay's customer service.
Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal…
The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…
League of Legends fans beware! A new malware campaign targeting the League of Legends World Championship is spreading…
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.