CVE-2025-64148

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Published Oct 30, 2025

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3570

CVSS ScoreMedium

5.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64148

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Published Oct 30, 2025

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3570

CVSS ScoreMedium

5.3


maven	org.jenkins-ci.plugins/publish-to-bitbucket	0.4

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/publish-to-bitbucket	0.4

Find vulnerabilities. Fix fast with AI.

CVE-2025-64148

CVE-2025-64148