Vulnerabilities > Jenkins > Bitbucket Oauth > 0.10

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-24427 Session Fixation vulnerability in Jenkins Bitbucket Oauth
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
critical
 9.8
9.8
2023-01-26 CVE-2023-24428 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
5.7
5.7