-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing session invalidation during the OAuth login flow. The patch explicitly adds session.invalidate() before creating a new session in doFinishLogin, confirming this was the vulnerable entry point. The pre-patch code retrieved session attributes without resetting the session, leaving it open to fixation attacks. The function's role in handling authentication completion makes it the logical point for this vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:bitbucket-oauth | maven | < 0.13 | 0.13 |
JavaJavaKEV Misses 88% of Exploited CVEs- Get the report