CVE-2023-24428

Name of the Vulnerable Software and Affected Versions Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to trick users into logging in to the attacker's account. This can be achieved by exploiting the vulnerability in the Jenkins Bitbucket OAuth Plugin, which enables attackers to perform unauthorized actions on behalf of the user.

Recommendations For Jenkins Bitbucket OAuth Plugin versions 0.12 and earlier, consider disabling the OAuth functionality until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to sensitive operations that rely on the OAuth plugin to minimize the risk of unauthorized access.