CVE-2025-64149
MEDIUMJenkins Publish TO Bitbucket < 0.4 - CSRF
Title source: ruleDescription
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Scores
CVSS v3
5.4
EPSS
0.0003
EPSS Percentile
9.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-352
Status
published
Affected Products (2)
jenkins/publish_to_bitbucket
< 0.4
org.jenkins-ci.plugins/publish-to-bitbucket
Maven
Timeline
Published
Oct 29, 2025
Tracked Since
Feb 18, 2026