Vulnerability Details CVE-2025-24398
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-24398
-
cpe:2.3:a:jenkins:bitbucket_server_integration:2.1.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:2.1.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:2.1.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:2.1.3
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.0.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.0.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.0.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.1.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.2.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.2.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.2.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.2.3
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.3.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.3.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.3.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.4.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.4.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.5.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:3.6.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:4.0.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:4.1.0
-
cpe:2.3:a:jenkins:bitbucket_server_integration:4.1.1
-
cpe:2.3:a:jenkins:bitbucket_server_integration:4.1.2
-
cpe:2.3:a:jenkins:bitbucket_server_integration:4.1.3