Vulnerabilities > Jenkins > Bitbucket Oauth

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-24427 Session Fixation vulnerability in Jenkins Bitbucket Oauth
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
critical
9.8
2023-01-26 CVE-2023-24428 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
5.7
2019-10-23 CVE-2019-10460 Insufficiently Protected Credentials vulnerability in Jenkins Bitbucket Oauth
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-522
7.8