Description
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
Remediation
References
https://jenkins.io/security/advisory/2018-01-22/
http://www.securityfocus.com/bid/102809
Related Vulnerabilities
CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master
CVE-2019-10305 Vulnerability in maven package com.xebialabs.xl-deploy:jenkins-dependendencies
CVE-2020-2269 Vulnerability in maven package org.jenkins-ci.plugins:chosen-views-tabbar
CVE-2022-28135 Vulnerability in maven package org.jvnet.hudson.plugins:instant-messaging
CVE-2019-20343 Vulnerability in maven package org.codehaus.mojo:exec-maven-plugin