CVE-2023-24428

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/bitbucket-oauth

Identifiers

CVE-2023-24428, GHSA-685j-36qx-3vp2

Package Slug

maven/org.jenkins-ci.plugins/bitbucket-oauth

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.

Affected Versions

All versions before 0.13

Solution

Upgrade to version 0.13 or above.

Last Modified

2023-01-27
