Jenkins Bitbucket Server Integration Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Jenkins Bitbucket Server Integration Plugin, versions 2.1.0 through 4.1.3 (both inclusive). Jenkins protects state-changing requests with a crumb (anti-CSRF token), and a plugin may exempt specific request paths from that check for endpoints that must accept requests without a crumb, such as inbound calls from Bitbucket Server. The plugin's exemption matches too broadly: an attacker can craft a URL that satisfies the exemption while still being dispatched to any target URL within Jenkins, so the crumb check is bypassed for that request.

Impact

Exploitation of this vulnerability enables general CSRF attacks: an attacker who gets an authenticated Jenkins user to open a crafted link or page can have the victim's browser send a request to any Jenkins URL, carrying the victim's session and permissions, without the crumb that would normally cause it to be rejected. Depending on the victim's permissions, this can lead to unauthorized changes or data exposure within Jenkins.

Remediation

Users of the Jenkins Bitbucket Server Integration Plugin should update to version 4.1.4 or later, which restricts the crumb exemption to only those URLs that require it. Confirm the installed version in the Jenkins plugin manager; a configuration-level mitigation is not described, so the upgrade is the fix.
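The snippet below is an added illustration of the weakness described in the Vulnerability section and of the kind of restriction the Remediation section describes; it is not the plugin's own code, which this page does not show. It assumes the Jenkins core `hudson.security.csrf.CrumbExclusion` extension point, the javax.servlet API used by Jenkins baselines before 2.479, and a hypothetical endpoint path `/example-webhook/`. The permissive variant matches the endpoint name anywhere in the request path, so a URL for an unrelated Jenkins target with the marker appended can satisfy it; the strict variant anchors the match at the start of the path.

```java
package example.crumb; // hypothetical package, not the plugin's

import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Two crumb exclusions for a hypothetical inbound webhook served under
 * /example-webhook/. Only the strict one is registered as an extension;
 * the permissive one is kept for contrast and is not annotated.
 */
public final class WebhookCrumbExclusions {

    /** The only path that genuinely needs to accept crumb-less POSTs (hypothetical). */
    static final String WEBHOOK_PREFIX = "/example-webhook/";

    private WebhookCrumbExclusions() {}

    /**
     * Weak rule: the marker may appear anywhere in the path. Stapler web
     * methods (doXxx) typically ignore extra trailing path segments, so a
     * request such as /job/demo/build/example-webhook/ still reaches the
     * build action but is now exempt from the crumb check.
     */
    static boolean permissiveMatch(String pathInfo) {
        return pathInfo != null && pathInfo.contains(WEBHOOK_PREFIX);
    }

    /**
     * Restricted rule: only requests whose path starts with the webhook
     * prefix are exempt; a URL for any other Jenkins target cannot satisfy it.
     */
    static boolean strictMatch(String pathInfo) {
        return pathInfo != null && pathInfo.startsWith(WEBHOOK_PREFIX);
    }

    /** Illustrative weak form (deliberately NOT annotated with @Extension). */
    public static class Permissive extends CrumbExclusion {
        @Override
        public boolean process(HttpServletRequest req, HttpServletResponse rsp, FilterChain chain)
                throws IOException, ServletException {
            if (permissiveMatch(req.getPathInfo())) {
                chain.doFilter(req, rsp); // continue down the chain without the crumb check
                return true;              // tell Jenkins this exclusion handled the request
            }
            return false;                 // normal CSRF protection applies
        }
    }

    /** Hardened form: the exemption is limited to the path that needs it. */
    @Extension
    public static class Strict extends CrumbExclusion {
        @Override
        public boolean process(HttpServletRequest req, HttpServletResponse rsp, FilterChain chain)
                throws IOException, ServletException {
            if (strictMatch(req.getPathInfo())) {
                chain.doFilter(req, rsp);
                return true;
            }
            return false;
        }
    }
}
```

When reviewing a plugin's exclusions, look for `contains`, `endsWith` or unanchored regular expressions in the path test; an exclusion should name a fixed prefix and nothing else. The exclusion only removes the crumb requirement, so the exempted endpoint still needs its own authentication of the caller, for example a shared secret or signature on the inbound request.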

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.