CVE-2025-24398


Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.


Published

2025-01-22T17:15:13.760

Last Modified

2025-06-06T15:23:36.577

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-352

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | bitbucket_server_integration | < 4.1.4 | Yes |

References