CVE-2025-24398

Published: Jan 22, 2025Modified: Jun 6, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Affected (1)

Products: Jenkins: Bitbucket Server Integration

Jenkins

1 product

Bitbucket Server Integration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Bitbucket Server Integration	From 2.1.0 to 4.1.4

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3434

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

Timeline

No history available yet.