Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681