Vulnerabilities > Jenkins > Bitbucket Oauth > 0.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-24427 | Session Fixation vulnerability in Jenkins Bitbucket Oauth Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | 9.8 |
2023-01-26 | CVE-2023-24428 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.7 |