[JENKINS-75365] Build Now action in Bitbucket couldn't be initiated

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: atlassian-bitbucket-server-integration-plugin
Labels:
- triaged
Environment:
Jenkins 2.492.1
Bitbucket Server Integration Plugin 4.1.4
Bitbucket Server v7.21.6

Similar Issues:
Powered by SuggestiMate

Show

The build now action in Bitbucket (see below) can't be initiated in Bitbucket Server Integration Plugin 4.1.4.

I believe this is because version 4.1.4 fixes Jenkins Security Advisory 2025-01-22. However, CSRF protection is not disabled for this URL.

Jenkins responds with the following:

Bitbucket doesn't have access to the crumb generated by Jenkins in the Jenkins user's session and therefore can't provide it in the Jenkins-Crumb header.

Rolling back the plugin to version 4.1.3 fixes this issue, but doesn't include the security fixes from 4.1.4

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot 2025-03-04 150425.png
6 kB
2025-03-04 19:28
Screenshot 2025-03-04 150326.png
8 kB
2025-03-04 19:31
Screenshot 2025-03-04 150953.png
60 kB
2025-03-04 19:34

Austin created issue - 3 days ago

Austin made changes - 3 days ago

Attachment

Original: Screenshot 2025-03-04 150820.png [ 64044 ]

Austin made changes - 3 days ago

Priority

Original: Minor [ 4 ]

New: Major [ 3 ]

Dyon made changes - 2 days ago

Labels

New: triaged

Assignee:: Unassigned

Reporter:: Austin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 4 days ago 19:36

Updated:: 2 days ago 18:51

Jenkins

Details

Description

Attachments

Attachments

Activity

People

Dates