CVE-2025-24398

Summary

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Bitbucket Server Integration Plugin2.1.0 <= 4.1.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References