CVE-2023-24427: Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin

January 26, 2023 (updated February 4, 2023)

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.

References

github.com/advisories/GHSA-x9q4-qwfh-9gjq
github.com/jenkinsci/bitbucket-oauth-plugin/commit/b73ac285f8cfcc9727f089c6b2c7f13412285e7c
nvd.nist.gov/vuln/detail/CVE-2023-24427
www.jenkins.io/security/advisory/2023-01-24/

Code Behaviors & Features

Detect and mitigate CVE-2023-24427 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →