Missing Authorization Affecting org.jenkins-ci.plugins:publish-to-bitbucket package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Missing Authorization vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-JAVA-ORGJENKINSCIPLUGINS-13774797
- published30 Oct 2025
- disclosed29 Oct 2025
- creditLotfi Yahi
Introduced: 29 Oct 2025
NewCVE-2025-64148 (opens in a new tab)How to fix?
There is no fixed version for org.jenkins-ci.plugins:publish-to-bitbucket.
Overview
org.jenkins-ci.plugins:publish-to-bitbucket is a This plugin publishes the current code to a bitbucket server by creating a new repository and/or project. Creates a Bitbucket repository (and associated project) from the current code.
Features
Creates Bitbucket repository based on the current code in the workspace Creates Bitbucket projects for the repository if needed. Assign users with read/write permission to the repository Assign group with read/write permission to the repository Potential upcoming features
Support for github Requirements
Existing Bitbucket server. Bitbucket user with permission to create the repository/project Jenkins
Jenkins version 1.642.3 or newer is required. Version 1.0 (March 27, 2017) Initial release
Affected versions of this package are vulnerable to Missing Authorization due to a lack of permission check in a method implementing form validation. An attacker with Overall/Read permission can obtain credential identifiers by sending crafted requests with insufficient permissions.