Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
9.8CVSS
9.3AI Score
0.002EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
5.7CVSS
5.5AI Score
0.0005EPSS