CVE-2025-24398
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
More information : https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3434