Vulnerability Details CVE-2025-64149
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.2%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2025-64149
-
cpe:2.3:a:jenkins:publish_to_bitbucket:0.4