CVSS 3.1 Score 7.5 of 10 (high)


Published Sep 6, 2023
Updated: Sep 11, 2023
CWE ID 918


CVE-2023-41937, also known as Jenkins Bitbucket Push and Pull Request Plugin vulnerability, affects versions 2.4.0 through 2.8.3 of the plugin. This vulnerability allows attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. The affected products include spse2a, spse2b, spse2Y, spse2Z, spse2e, spse2f, spse2c, spse2d, spse2S, spse2T, spse2Q, spse2R, spse2W, spse2X, spse2U, spse2V, spse2P, and spse2g. To remediate this issue and protect against potential danger to an organization's data confidentiality, it is recommended to update the affected plugin to a version beyond 2.8.3 as soon as possible.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41937 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options